Thanks again guys. Niels - thanks for pointing that out. I actually just caught that about an hour before you sent that message. Someone earlier recommended some other good search terms to use in a grep. (document.write, etc).
Kent - I hope this is it, as having some harder to find decrypted code sounds scary to find. I submitted another review a few hours ago, hopefully this will remove the warning. thanks again to everyone. On Thu, Oct 2, 2008 at 12:49 PM, Niels Provos <[EMAIL PROTECTED]> wrote: > > On Oct 1, 6:58 pm, "Steve Thompson" <[EMAIL PROTECTED]> wrote: > > I have no idea on what to do at this point. I am even willing to pay > > someone to scan my server or do whatever it takes to resolve this problem > > and ensure it doesn't happen again. I feel like I am pretty experienced > in > > server management (I have 5 boxes), but this is beyond me at this point. > It > > is just so irritating. > > Take a look at: > > http://www.thefinalfantasy .com/forums/clientscript/vbulletin_md5.js > > This obfuscated Javascript injects content from > > http://www.google-analytices .com/ga.js > > which is a malware distribution site. > > Niels > Google Anti-Malware Team > > > -- :::steve thompson::: http://www.stevejthompson.com --~--~---------~--~----~------------~-------~--~----~ You received this message through the Google Groups "stopbadware" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en -~----------~----~----~----~------~----~------~--~---
