1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Web-based malware hits 40,000 sites

Discussion in 'Article Discussion' started by CardJoe, 4 Jun 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
    CardJoe, 4 Jun 2009
    #1
  2. kenco_uk

    kenco_uk I unsuccessfully then tried again

    Joined:
    28 Nov 2003
    Posts:
    9,890
    Likes Received:
    479
    I wish these sort of things would be done in a controlled environment.
     
    kenco_uk, 4 Jun 2009
    #2
  3. WeWatchYourWebsite

    WeWatchYourWebsite What's a Dremel?

    Joined:
    4 Jun 2009
    Posts:
    1
    Likes Received:
    0
    We've seen the majority of these are located after the closing html tag in the file. You can locate the files on your PC if you search for unescape and then look at the code. If it's something you didn't put there, it could be either one of these infections (I'm not sure what they're called yet) or a martuz or gumblar type of malscript.

    If it's a martuz or gumblar, it will probably be located after the closing head tag, but before the opening body tag.

    That's been our experience anyway. YMMV
     
    WeWatchYourWebsite, 4 Jun 2009
    #3
  4. B3CK

    B3CK Minimodder

    Joined:
    14 Jun 2004
    Posts:
    402
    Likes Received:
    3
    Have had about 60 calls on virus showing up as goldrun, detected by malwarebytes-antimalware. So far only the customers with malwarebytes, and avira both installed are calling in. This all started yesterday, guessing this might be it? so far, we are just re-imaging, as none of the scanners we use seem to repair/remove the problem.
     
    B3CK, 4 Jun 2009
    #4
  5. Jasio

    Jasio Made in Canada

    Joined:
    27 Jun 2008
    Posts:
    810
    Likes Received:
    13
    Yeah, I've seen several sites infected with this; it's an iframe embedded worm originating from a series of Chinese servers. Pretty easy to block but nonetheless very annoying.
     
    Jasio, 4 Jun 2009
    #5
  6. airchie

    airchie What's a Dremel?

    Joined:
    22 Mar 2005
    Posts:
    2,136
    Likes Received:
    2
    +1 for FF + NoScript tbh. :)
     
    airchie, 4 Jun 2009
    #6
  7. webdesignone

    webdesignone What's a Dremel?

    Joined:
    17 Jun 2009
    Posts:
    2
    Likes Received:
    0
    HELP please with malware issue !!

    :wallbash::waah::read:I have been infected with malware that has infiltraited all of my web projects, in my entire ftp, I have cleaned our the nasty scripts, taken down all files and replaced them to clean out the ftp and all files, I have purchased over 300 in maleware tool removers and still the nasty thing is back. Any suggestions? We have purchased root kit cleaners everything to this point adn now it has infected yet still a second server and all files there as well. NEED HELP IN THE WOSRT WAY PLEASE.. you can email me direct with any suggestions Avast paid professional version, Norton paid pro , windows defender, and zone,has not helped. I need to be rid of this phising and redirect attackes anyone ??? Please !:read::search::wallbash::waah:
     
    webdesignone, 17 Jun 2009
    #7
  8. webdesignone

    webdesignone What's a Dremel?

    Joined:
    17 Jun 2009
    Posts:
    2
    Likes Received:
    0
    to email or not to email that is the question!

    HI FELLOW CANADIAN I am having significant issue from this please email me I need advise . Ciao webdesignone
     
    Last edited: 17 Jun 2009
    webdesignone, 17 Jun 2009
    #8
Tags: Add Tags

Share This Page