Malware on my web space

Web hosting, FTP/database access, mirror services and hosted blogs
Post Reply
flash
Posts: 4
Joined: Wed Sep 15, 2010 7:26 pm
Location: NSW

Malware on my web space

Post by flash » Tue Apr 26, 2011 11:25 pm

Not sure if I need to be worried or not, but I just went to visit my own Exetel webspace and Avast gave me a warning about html:script.inf on the site and dropped the connection. I tried it from another browser and another computer with the same result.

I checked my site with unmaskparasites.com and sitecheck.sucuri.net and found MW:JS:612 - securi.net says the following about this malware, "Encoded javascript included and used to distribute malware. It calls a malicious iframe once loaded. Also known as “HTTP Malicious Toolkit Variant Activity 12″ or “createCSS” malware".

All I have done is to note the modified date/time of each file on my site (thankfully it's not big!) and found that each occurrence of index.html, home.html and home.php had all been changed at about 6.20am on 24th April. I replaced the files with clean ones from my local machine, then ran the checks again, this time coming up clean.

So, I guess what I'm asking is:
1. Is there anything else I need to do?
2. Is it just me, or are/were there others affected?
3. Do I need to change my password to access the web space?

Thanks.
Top
jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: Malware on my web space

Post by jokiin » Wed Apr 27, 2011 12:19 am

flash wrote: 3. Do I need to change my password to access the web space?

Thanks.
I'm not sure if it's a need (depends how exactly your site was compromised) but I would do it anyway as a precautionary measure
Top
thejeg

Re: Malware on my web space

Post by thejeg » Wed Apr 27, 2011 8:34 am

flash wrote:1. Is there anything else I need to do?
If the scan results showed you It's clean... I believe you can leave it at that
flash wrote:2. Is it just me, or are/were there others affected?
It's definitely has not affected everyone else.......... Your web space may be affected may be because your pc was affected before?
flash wrote:3. Do I need to change my password to access the web space?
I believe changing the password will secure the web space more, so it's a good move
Top
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Malware on my web space

Post by Dazzled » Wed Apr 27, 2011 8:56 am

Is your password stored in an FTP client running on Windows? Most passwords saved this way are quickly recoverable - they can even be kept in clear in .xml files. If this is the case, check your computer for an infection that is harvesting passwords.
Top
Post Reply

Return to “Web space, mirror & blog services”