Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] website probably compromised by virus

Andrew Lewis me at
Tue Jan 29 14:25:56 PST 2013

I can get to this in 6 hours or so, maybe someone is willing to jump
on this before then?


On Jan 30, 2013, at 11:06 AM, KheOps <kheops at> wrote:

> Dear Libtech,
> We just saw that the website : is probably
> compromised. Every page of the website contains an iFrame which links to
> a .exe file which is detected as a virus by antivirus software:
> The fact that the HTML code is present at the bottom of each page makes
> me think that the "index.php" page has been changed in a way that makes
> that iFrame appear on every page of the website, after the dynamic content.
> It also probably means that the attackers have some kind of access to
> the server. My guess would be going to a PHP shell, but I'm no expert in
> this.
> Any help, clue, investigation, would be very welcome :)
> Thank you,
> KheOps
> --
> Unsubscribe, change to digest, or change password at:

More information about the liberationtech mailing list