Computer Related > Malware Miscellaneous
Thread Author: BiggerBadderDave Replies: 27

 Malware - BiggerBadderDave
It's come to my attention that my website appears to contain "malicious malware"

A warning message comes up when I try and view it.

What is it, how's it got there, what can I do to fix it really quickly?

I'm a real thicko when it comes to things like this, I don't know anything about it at all
 Malware - LEDFoot
What's your site? We can have a quick look for you.

Often this can happen if you have a vulnerability in your code which can leave you open to SQL injection.

Contact forms are often a favourite target for this as websites generally save those details into a database somewhere. Likewise, if you're using an open-source CMS such as WordPress etc. and it's not the latest version, you can be open to exploits (sometimes even if it is the latest version :( )
-- as people spend a lot of time trying to exploit any loopholes in these systems as they know they have a ready stack of sites they can try and hack.

Can also easily happen if you allow people to upload files and you don't check well enough.

Furthermore, unfortunately this can often happen if you are on shared hosts and one of the other sites gets compromised :(
Last edited by: LEDFoot on Fri 12 Mar 10 at 10:13
 Malware - BiggerBadderDave
It's www.euro-design.info

There is a contact form on there but I also allow one particular client to use my ftp where all my website stuff is stored and there is a lot of stuff up-loading and down-loading daily...

cheers!
 Malware - Focusless
BBD- doesn't answer your question, but on this page:
www.euro-design.kei.pl/what_we_do.html
I can only see the lower half of the top line of text - the upper half is hidden behind the browser frame. I'm using Firefox under Linux.

Let me know if you want a screenshot.

EDIT: same happens on a couple of other pages
Last edited by: Focus on Fri 12 Mar 10 at 10:24
 Malware - Focusless
...sorry, forgot to say that I didn't get any warnings.
 Malware - BiggerBadderDave
Focus, for some reason this happens from time to time with some PCs, I think it was something to do with screen width. I meant to get round to sorting it but it works ok on Macs which are mainly used in my business.

Interestingly, I get the Malware warning on one of my Macs but not on the other...

As I say, I know nothing when it comes to these things!
 Malware - Focusless
>> Focus for some reason this happens from time to time with some pcs I think

Fair enough - just thought you ought to know, as I feel it undermines the "All the design work is closely overseen by Dave whose experience and eye for detail ensures that standards are maintained throughout the duration of the project".

The overall effect looks good though to my non-designer eye.
 Malware - Focusless
Actually I think there's a bigger problem on the Contact page:
www.euro-design.kei.pl/contact.html

The first line of text I can see starts with "questions, please don't hesitate to contact us" which implies I'm missing a whole line of text above it.
 Malware - Iffy
...I think there's a bigger problem on the contact page...

Focus,

This is what I am seeing:

If you would like to talk to us about a particular project
or if you have any comments or questions
please don't hesitate to contact us.

 Malware - car4play
The warning is customizable in Safari:



.. and don't get funny ideas about putting images in posts. We will allow this at some point in a more measured way!

EDIT: ".. in a really simple way".
Last edited by: car4play on Fri 12 Mar 10 at 11:03
 Malware - Iffy
..www.euro-design.kei.pl/what_we_do.html...

I've just had a root around the site and all appears to be working well for me.

Everything rendered as it should be and no warnings.

Using XP Pro (I should be working!) and the latest version of Firefox downloaded this morning.

The site looks quite smart, I thought.



 Malware - LEDFoot
We can see the JavaScript in the bottom of your homepage.

Just view the source and you'll see it. (Very last thing except for the comment.)

So you should just be able to remove it. Seems to be only on the homepage. (But I've not checked all of them.)

Question is: how did it get there? No point bailing water if you haven't plugged the hole...
 Malware - BiggerBadderDave
"Fair enough - just thought you ought to know, as I feel it undermines the "All the design work is closely overseen by Dave whose experience and eye for detail ensures that standards are maintained throughout the duration of the project"."

Very true and completely inexcusable of course, I will sort it when I just get that quiet moment!


"The site looks quite smart, I thought." Thanks ifithelps, it's my first and only attempt at creating a website.



"We can see the javascript in the bottom of your homepage.

just view the source and you'll see it. (very last thing except for the comment)

So you should just be able to remove it."

...sorry, how do I do that....?
 Malware - Iffy
...The site looks quite smart, I thought." Thanks ifithelps, it's my first and only attempt at creating a website...

I'm no designer, but there must be a temptation to try too hard.

Your site looks clean and simple, which I think appeals to most people.

The prose also appealed to me.

Not too much of it, short sentences, simply constructed.

Again, this is the most effective way to communicate with the highest number of people.

An old saying in newspapers is no more than 17 words in a sentence.
Last edited by: ifithelps on Fri 12 Mar 10 at 11:32
 Malware - LEDFoot
>> ...sorry how do I do that....?
>>

Sorry, only just noticed your question there.

The script is in the HTML of the homepage.

Assuming the home page isn't getting dynamically generated... (doesn't look like it is)
you can just edit your 'index.htm' page.

Connect to your webserver in the normal way you do it (FTP or through a web interface). 'index.htm' should be there in the top directory once you've connected.

Editing the file:

You will have to select everything in the script tag at the bottom and delete it. Basically it looks like this:
(substitute the symbols [ & ] for < & > )
----------------------
[script]
nasty code
[/script]
-----------------------
(delete everything between the dotted lines)

Resave and you're done. That will at least stop the messages in the short term.
Last edited by: VxFan on Sat 13 Mar 10 at 11:28
 Malware - LEDFoot
Sorry I wrote something between the dotted lines in my last post but the forum wiped it out.

That's to stop people injecting nasty scripts into this site of course!!


This link shows an example of the script tag.

www.w3schools.com/TAGS/tag_script.asp

So just delete everything inside this tag, and the tag itself.

Sorry, feel I could have said all this more succinctly but hopefully it makes sense.
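
Added example, not part of the thread: one way to automate the manual check described in the two posts above for a static HTML page, flagging script blocks that sit after the closing body tag or load from a host you do not recognise, and deleting the tag together with its contents. The function names, the hint list and the sample page (with the placeholder host `injected.example`) are constructed for illustration.

```python
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Calls that often appear in injected inline scripts; a hint to review, not proof.
HINTS = ("eval(", "unescape(", "document.write(", "fromCharCode")

def audit(html, allowed_hosts=()):
    """Return (start, end, reasons) for every script block that looks out of place."""
    m_body = re.search(r"</body\s*>", html, re.I)
    body_end = m_body.start() if m_body else len(html)
    findings = []
    for m in SCRIPT_RE.finditer(html):
        block, reasons = m.group(0), []
        if m.start() >= body_end:
            reasons.append("after </body>")
        open_tag = block[:block.index(">") + 1]
        src = SRC_RE.search(open_tag)
        if src:
            # Relative paths have no host and count as same-site.
            host = urlparse(src.group(1)).netloc.lower()
            if host and host not in allowed_hosts:
                reasons.append("external src: " + host)
        if any(h in block[len(open_tag):] for h in HINTS):
            reasons.append("obfuscation hint")
        if reasons:
            findings.append((m.start(), m.end(), reasons))
    return findings

def strip_blocks(html, findings):
    """Delete each flagged block, tag and contents, working from the end backwards."""
    for start, end, _ in sorted(findings, reverse=True):
        html = html[:start] + html[end:]
    return html

# Constructed sample: a legitimate script in the head, an injected one at the
# very end of the file, followed only by a comment.
SAMPLE = """<html><head><script src="js/menu.js"></script></head>
<body><p>Home</p></body></html>
<script src="http://injected.example/x.js"></script>
<!-- footer comment -->
"""

if __name__ == "__main__":
    found = audit(SAMPLE)
    for start, end, reasons in found:
        print(f"bytes {start}-{end}: {', '.join(reasons)}")
    print(strip_blocks(SAMPLE, found))
```

Run it over every page on the site rather than just `index.htm`, and review each finding before deleting, since a clean file only removes the symptom and not the way the script got in.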
 Malware - VxFan
>> Sorry I wrote something between the dotted lines in my last post but the forum wiped it out.

Sorted it out for you. VxFan - Mod.
 Malware - LEDFoot
thanks :)
 Malware - LEDFoot
I'd be suspicious of your contact form as it doesn't seem to be doing any validation. Hard to know without seeing the underlying code (the 'mailer.php' script you're using).

I wouldn't rule out the shared hosts being compromised though either.

If you're really stuck maybe you could email Stephen (my Gaffa), the proprietor of this very site, as he's lots of experience with security/website hardening (and can offer hosting -- if you're really really stuck).
 Malware - BiggerBadderDave
Many thanks LEDfoot, I think I might just do that, I was thinking of changing hosts...
 Malware - car4play
Yeah - no problem. Of course car4play mates' rates.
 Malware - Statistical Outlier
BBD, nice site, but in the 'What we've done - Marketing' page I get an error that Sophos has detected:

Virus/Spyware Troj/JSRedir-AR

More info here:

www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirar.html
 Malware - borasport
Just browsing to your home page and straight away ESET/Nod32 gives a warning!

JS/TrojanDownloader.Agent.NRV Trojan

 Malware - LEDFoot
Yes, the script in the home page footer is running away to a Russian URL which is trying to download the trojan to visitors' machines.

So if you're not sure, I wouldn't recommend checking it out (till BBD's got it fixed at least)
 Malware - ....
Google have produced a report on your Russian visitors.
google.com/safebrowsing/diagnostic?site=recentmexico.ru/&hl=en
 Malware - BiggerBadderDave
This should be sorted now. I don't know why I didn't think of it before, I just trashed the whole lot and uploaded it from my back-up files. Seems to have worked...

Now can someone explain why my microwave and normal oven both died on the same day? I'm beginning to think old Indian burial ground...

Many thanks to all who took the time and effort to give me advice

Dave
 Malware - MD
Works for me Dave. Nice site.

MD
 Malware - Zero

>> day? I'm beginning to think old Indian burial ground...

In Poland? Wow, now that could be a money spinner, let alone change the way we thought about human migration and evolution.