Webmasters,
*** give widest distribution***
Check all index.html's, index.php, and login.php files of your site(s). Malicious code was found appended to all these files on my website. I removed, and 'chmod'ed, all files listed to read access only. *These files were clean when uploaded*
The code appended to these files cause a "your registry has error's click here to fix", and other simular pop-up's to appear depending on reloads of your site (A hotjobs.com one was also generated when I purposely executed the jave code in a contolled enviroment to see) in another window, tab, or even a pop-up if enabled, to vistors of your site when IE interprets the html file.
As my site has not been made public yet, the only ip's found were my own, one belonging to google and yahoo, and one 80.xxx.xxx.xxx (a .ru i/p) which I suspect is a bot that tries to write this code to files that are not set to 0444. Note, a "Frontpage extension" file was also found on my site with the same code.
Also note, this has nothing to do with vBulletin, I checked my archive I recently downloaded, and they are clean
*** give widest distribution***
Check all index.html's, index.php, and login.php files of your site(s). Malicious code was found appended to all these files on my website. I removed, and 'chmod'ed, all files listed to read access only. *These files were clean when uploaded*
The code appended to these files cause a "your registry has error's click here to fix", and other simular pop-up's to appear depending on reloads of your site (A hotjobs.com one was also generated when I purposely executed the jave code in a contolled enviroment to see) in another window, tab, or even a pop-up if enabled, to vistors of your site when IE interprets the html file.
As my site has not been made public yet, the only ip's found were my own, one belonging to google and yahoo, and one 80.xxx.xxx.xxx (a .ru i/p) which I suspect is a bot that tries to write this code to files that are not set to 0444. Note, a "Frontpage extension" file was also found on my site with the same code.
Also note, this has nothing to do with vBulletin, I checked my archive I recently downloaded, and they are clean
Comment