Some of the websites we host at Vortech have had some files changed misteriously. Mostly, index, default, login and admin named files, html and asp.
Some misterious snippet of code has been added to several pages of some websites and they call to an outside url where a trojan is detected.
I spent the night clearing some of the pages and two guys are still working hard at it at the office to clean everything up. I even deleted the ftp application I had running on my machine fearing some kind of unauthorizes application is using it to infect the files. Now we're resetting all ftp passwords and not savind them in the ftp configuration anymore.
I could tell by the date on the infected files that files were changed three times in different websites at different times as well, yesterday only.
Funny thing is that all pcs on my network at the office were shut down yesterday. However my pc was running and connected all day.
Nod32 gets updated everyday and If its some kind of virus, I thought it should have stopped it.
I learned this morning that several other servers presented the same problems. Below is an image with the type of code that is being inserted on the files. I inserted the image because Im afraid someone might click on it and without an updated antivirus they might get infected.
If anybody has had any previous experience with it and nailed down the source of the problem, please share it.
Thanks
Eder
10-22-2007, 12:24 PM
Similar Threads
Linear Mode
