[BNM] Fwd: Message left on server: "Re: Is my site really infected?"
Rob Beattie
rob.beattie at gmail.com
Wed Feb 4 21:28:31 GMT 2009
Stuart Dunkeld wrote:
> Yes, the site is infected, the favicon.ico is a text file containing
> obfuscated JavaScript which injects the exploit into the body of the
> page.
>
> I decoded the Javascript, munged it up a bit so it's harmless, and put
> it in the body of the email, but obviously I didn't mung it enough for
> Gmail.
>
> The favicon.ico file also says this:
>
> !! HackeD By Stack-Terrorist[v40] !!
> .. 0wn3d ..
> ..v4 Team..
>
> Greetz: All Members
>
> v4 TeaM
>
> Mo0oRoCaiN HaCkeR
>
> --stuart
Thanks for this Stuart. How does a mug like
me get rid of this nonsense?
Can I FTP in, find the offending file and
just delete it?
thanks
rob
More information about the BNMlist
mailing list. Powered by Wessex Networks