Sunday, May 4, 2008

Trojan Downloader Javascript infect more than 297.000 PHP Websites around the World

A friend site is infected and more than 32.800 (result depence how you search) more php based websites mostly on apache server hosted domains around the world with trojan downloader script!

Sample: trojan.jpg

ImageBanana - trojan.jpg

Google result Trojan Downloader Java script infected Domains:

this code someone inject into php forum sites in the header section
script src="

MS Windows Live OnCare found it!
Status of Nod32?

What to do as site visitor:
Close webbrowser
Delete / empty Java catch folder
delete / empty Web browser catch folder

Save your server access log - analyse post requests to sql + more... source ip address,...

Update within 2h:
Ergebnisse / Search Results 1 - 10 von ungefähr 370.000 für
Means about 370.000 Websites infected!!!

The Cross site Trojan Downloader Java Script is hosted by

Its only 2 months ago as an iFrame-injection attack, redirected users to a malicious site with (ONLY) 165,000 Web sites infections... read more

No comments:

Post a Comment