Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Syrian-martyrs.com website probably compromised by virus

Andrew Lewis me at andrewlew.is
Tue Jan 29 14:25:56 PST 2013


I can get to this in 6 hours or so, maybe someone is willing to jump
on this before then?

-Andrew

On Jan 30, 2013, at 11:06 AM, KheOps <kheops at ceops.eu> wrote:

> Dear Libtech,
>
> We just saw that the website : http://www.syrian-martyrs.com is probably
> compromised. Every page of the website contains an iFrame which links to
> a .exe file which is detected as a virus by antivirus software:
> http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe
>
> The fact that the HTML code is present at the bottom of each page makes
> me think that the "index.php" page has been changed in a way that makes
> that iFrame appear on every page of the website, after the dynamic content.
>
> It also probably means that the attackers have some kind of access to
> the server. My guess would be going to a PHP shell, but I'm no expert in
> this.
>
> Any help, clue, investigation, would be very welcome :)
>
> Thank you,
> KheOps
>
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech



More information about the liberationtech mailing list