Page 1 of 1

Malware on my web space

Posted: Tue Apr 26, 2011 11:25 pm
by flash
Not sure if I need to be worried or not, but I just went to visit my own Exetel webspace and Avast gave me a warning about html:script.inf on the site and dropped the connection. I tried it from another browser and another computer with the same result.

I checked my site with unmaskparasites.com and sitecheck.sucuri.net and found MW:JS:612 - securi.net says the following about this malware, "Encoded javascript included and used to distribute malware. It calls a malicious iframe once loaded. Also known as “HTTP Malicious Toolkit Variant Activity 12″ or “createCSS” malware".

All I have done is to note the modified date/time of each file on my site (thankfully it's not big!) and found that each occurrence of index.html, home.html and home.php had all been changed at about 6.20am on 24th April. I replaced the files with clean ones from my local machine, then ran the checks again, this time coming up clean.

So, I guess what I'm asking is:
1. Is there anything else I need to do?
2. Is it just me, or are/were there others affected?
3. Do I need to change my password to access the web space?

Thanks.

Re: Malware on my web space

Posted: Wed Apr 27, 2011 12:19 am
by jokiin
flash wrote: 3. Do I need to change my password to access the web space?

Thanks.
I'm not sure if it's a need (depends how exactly your site was compromised) but I would do it anyway as a precautionary measure

Re: Malware on my web space

Posted: Wed Apr 27, 2011 8:34 am
by thejeg
flash wrote:1. Is there anything else I need to do?
If the scan results showed you It's clean... I believe you can leave it at that
flash wrote:2. Is it just me, or are/were there others affected?
It's definitely has not affected everyone else.......... Your web space may be affected may be because your pc was affected before?
flash wrote:3. Do I need to change my password to access the web space?
I believe changing the password will secure the web space more, so it's a good move

Re: Malware on my web space

Posted: Wed Apr 27, 2011 8:56 am
by Dazzled
Is your password stored in an FTP client running on Windows? Most passwords saved this way are quickly recoverable - they can even be kept in clear in .xml files. If this is the case, check your computer for an infection that is harvesting passwords.