Search Mailing List Archives
[liberationtech] Syrian-martyrs.com website probably compromised by virus
sina at redteam.io
Tue Jan 29 14:32:24 PST 2013
-----BEGIN PGP SIGNED MESSAGE-----
<iframe name="I1" width="10" height="10"
:/ if you are running windows don't even go there!!!
> I can get to this in 6 hours or so, maybe someone is willing to
> jump on this before then?
> On Jan 30, 2013, at 11:06 AM, KheOps <kheops at ceops.eu> wrote:
>> Dear Libtech,
>> We just saw that the website : http://www.syrian-martyrs.com is
>> probably compromised. Every page of the website contains an
>> iFrame which links to a .exe file which is detected as a virus by
>> antivirus software:
The fact that the HTML code is present at the bottom of each page makes
>> me think that the "index.php" page has been changed in a way that
>> makes that iFrame appear on every page of the website, after the
>> dynamic content.
>> It also probably means that the attackers have some kind of
>> access to the server. My guess would be going to a PHP shell, but
>> I'm no expert in this.
>> Any help, clue, investigation, would be very welcome :)
>> Thank you, KheOps
>> -- Unsubscribe, change to digest, or change password at:
> -- Unsubscribe, change to digest, or change password at:
“Be the change you want to see in the world.” Gandhi
OTR: inf0 at jabber.ccc.de
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the liberationtech