Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
EDC:
Download extensions for Elxis CMS
.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
General
(Moderators:
Ivan Trebješanin
,
Farhad Sakhaei
) »
website virus attack on js files info and warning
« previous
next »
Print
Pages: [
1
]
Author
Topic: website virus attack on js files info and warning (Read 4741 times)
xmanhattan
Hero Member
Posts: 1235
If I'm still breathing, I'm doing something!
website virus attack on js files info and warning
«
on:
February 06, 2012, 12:17:52 »
FYI - for your information
I have a client that did not know that their workstations were compromised by viruses. Apparently the viruses affected javascript and php files on their Internet website.
Additional files that were affected include root directory:
index.php
index2.php
configuration.php was also modified.
a new file named default.php was created but I have not finished reviewing what this file actually does.
Additionally files in the templates directory:
index.php
index2.php
index.html
Regarding the js files, I have found that the iosdvmenu .php and .js files were affected.
Restoring from backups was not possible because I found that even the oldest backup dated in January 2012 was infected.
I am also unsure as yet whether the virus transfers login information to a third party.
After restoring files from the latest 2009.3 download I thought that I managed to stop the virus but apparently some files elsewhere on their website managed to re-clone and corrupt other .php and .js files.
The lesson so far is that it is better to delete every file from the root directory on the website and re-install.
Clients must use anti-virus and must keep them up to date.
How does one learn that their website has a virus or that it maybe transmitting viruses?
You will see a warning like the one that follows and possibly an email from google if the website is listed under google webmaster.
«
Last Edit: February 06, 2012, 16:55:31 by xmanhattan
»
Logged
Bournias.net
xmanhattan
Hero Member
Posts: 1235
If I'm still breathing, I'm doing something!
Re: website virus attack on js files info and warning
«
Reply #1 on:
February 06, 2012, 14:17:23 »
This was not a virus but a trojan that transferred from workstations to the website.
The worse aspect about this virus is that website visitors can become infected with this trojan and spread it.
The suspected website must be placed offline until all files have been analyzed and verified as cleaned.
More information on this can be found here:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-102718-1528-99
Logged
Bournias.net
datahell
Elxis Team
Hero Member
Posts: 10356
Re: website virus attack on js files info and warning
«
Reply #2 on:
February 06, 2012, 14:43:15 »
Peter in an email you sent me there was a virus and I deleted it without reading it. I forgotten to tell you...
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
xmanhattan
Hero Member
Posts: 1235
If I'm still breathing, I'm doing something!
Re: website virus attack on js files info and warning
«
Reply #3 on:
February 06, 2012, 16:04:02 »
That's okay. Sorry that I sent it to you but I thought at first that the files had code that a hacker had placed in them and that you might need to see them. After studying the code further I checked it with my antivirus and it immediately deleted it.
That is when I realized that it was using php and js to clone itself into different php programs in elxis on the client web server.
From what I have seen, the trojan used any javascript that it could to place itself into php files and into the index.html files so that any files being served to visitors would also infect those who do not have anti-virus updated.
This is a lesson for implementers, clients, and visitors.
Logged
Bournias.net
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
General
(Moderators:
Ivan Trebješanin
,
Farhad Sakhaei
) »
website virus attack on js files info and warning