Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Syrian-martyrs.com website probably compromised by virus

hadi hadi at riseup.net
Tue Jan 29 14:23:21 PST 2013


Many thanks for posting. I'll spread this to my Syrian friends just to
be aware of this.

All the best,
Hadi



On 01/29/2013 11:05 PM, KheOps wrote:
> Dear Libtech,
>
> We just saw that the website : http://www.syrian-martyrs.com is probably
> compromised. Every page of the website contains an iFrame which links to
> a .exe file which is detected as a virus by antivirus software:
> http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe
>
> The fact that the HTML code is present at the bottom of each page makes
> me think that the "index.php" page has been changed in a way that makes
> that iFrame appear on every page of the website, after the dynamic
content.
>
> It also probably means that the attackers have some kind of access to
> the server. My guess would be going to a PHP shell, but I'm no expert in
> this.
>
> Any help, clue, investigation, would be very welcome :)
>
> Thank you,
> KheOps
>
>
>
> --
> Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130129/68198e58/attachment.html>


More information about the liberationtech mailing list