Many thanks for posting. I'll spread this to my Syrian friends just to be aware of this.
All the best, Hadi On 01/29/2013 11:05 PM, KheOps wrote: > Dear Libtech, > > We just saw that the website : http://www.syrian-martyrs.com is probably > compromised. Every page of the website contains an iFrame which links to > a .exe file which is detected as a virus by antivirus software: > http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe > > The fact that the HTML code is present at the bottom of each page makes > me think that the "index.php" page has been changed in a way that makes > that iFrame appear on every page of the website, after the dynamic content. > > It also probably means that the attackers have some kind of access to > the server. My guess would be going to a PHP shell, but I'm no expert in > this. > > Any help, clue, investigation, would be very welcome :) > > Thank you, > KheOps > > > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech