There is a trojan around infecting sites with a encrypted script starting ‚var zaee=“4.5*2,4.5*‘ and iframe src linking to zxstats com and bali-planet com

This script is to find right after the body tag of index.html files and infects the PC of a visitor by loading an .exe file.
This file in return seems to scan infected PCs for ftp login user and passwords.
Finding these for example in filezilla’s passwordmanager in C:\Users\username\AppData\Roaming\FileZilla\sitemanager.xml it will send these ftp usernames and passwords out and try to access the sites stored in this file.

These sites will get this script injected via ftp to infect more visitors or even your machine again. (suspicious sites I check with chrome having javascript disabled)

There will be all index, start, home and main files with extension .php or .html infected by an added script.

The problem is the stolen ftp login, not any blog software or CMS running there! Giving ftp passwords out of hand no website software can prevent from changing files!

Sites running on php might not work after infection and show an error instead, like „Parse error: syntax error, unexpected ‚?‘ in /xxx/yyy/public_html/index.php on line 18“ (WordPress) or „Parse error: syntax error, unexpected ‚?‘ in /xxx/yyy/public_html/modules/boonex/chat/home.php on line 38“ (Boonex Dolphin)

Actually lucky for visitors as in this case the script doesn’t run and will not infect their machines. In .php files the script is added after the last ‚?‘ and before the closing ‚>‘ and doesn’t work here.

What to do?
First clean your PC from trojans using any anti virus software (malwarebytes, MS Essentials)
Do not store login passwords in Filezilla Servermanager, if you have it there delete it and set it for ‚Ask for Password‘ to manually typing it.
Change your infected servers ftp password (and do not store in the ftp program!!)

With your new login go to your site and ‚repair‘ all infected files by replacing them with a backup file or editing and removing the malicious code – that’s the biggest task ..

Fire Boy and Water Girl In The Forest Temple Hacked Invincible, Can you operate two characters at once?FireBoy and WaterGirl in The Forest Temple Hacked!Get this couple to the exit, while collecting diamonds.Naturally, each has Penalty Fever, Try to kick the soccer ball and get it into the goal. Then switch and defend your goal. This uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. Amy Webb: How I hacked Amy Webb was having no luck with online dating. The dates she liked didn't write her back, and her own profile attracted crickets (and worse). So, as any fan of data would do: she started Tags: webb, hacked, online, dating, Offset’s iCloud Got Hacked & It Shows Alleged Leaked Video Of Him Cheating On Cardi B With Mystery Woman! THE LUAS WEB is down for the day after being hacked. Luas operator Transdev said that the attack was “professional” and that the is being ysed to see how the attack happened. It Joinreds of other Developers and InfoSec professionals for Training, Sessions and Community at our first conference of 2019 [AppSec Tel Aviv, May 26-30th]

2 Kommentare Schreibe einen Kommentar

  1. Vielleicht solltest du Facebook (z.B. Like Pages) und Twitter auf deiner Page integrieren?! Auf jeden Fall hast du dir viel Mühe dafür gegeben, Danke