Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] website probably compromised by virus

KheOps kheops at
Tue Jan 29 14:05:15 PST 2013

Dear Libtech,

We just saw that the website : is probably
compromised. Every page of the website contains an iFrame which links to
a .exe file which is detected as a virus by antivirus software:

The fact that the HTML code is present at the bottom of each page makes
me think that the "index.php" page has been changed in a way that makes
that iFrame appear on every page of the website, after the dynamic content.

It also probably means that the attackers have some kind of access to
the server. My guess would be going to a PHP shell, but I'm no expert in

Any help, clue, investigation, would be very welcome :)

Thank you,

More information about the liberationtech mailing list