Reply to "attention! urgent! virus on auctiva.com; Trojan-Clicker.HTML.IFrame.kr"

bigmuzMember

Hi Jeff,

A webserver I manage has been the victim of the same attack you have experienced, and I have not yet been able to identify the cause. I would really appreciate it if you could contact me with any information you have on the method they used.

My compromised webserver is a Windows 2003 server/IIS 6.

quote:
Originally posted by Auctiva Jeff:

Most importantly we found what we believe was the method they were able to put the malware files on our server and have removed that.

Many thanks.

2/23/098:52 PM

<ul id="{%=id%}ButtonGroup" class="button-group h-popup-buttons even-button-group even-1">
    <li id="{%=id%}Okay_buttonContainer"><a id="{%=id%}Okay" href="javascript:void(0);" class="button success no-margin-bottom h-alert-modal-ok-button" role="button">OK</a><script type="text/javascript">
        (function() {
            function {%=id%}Okay_click(event, data) {
            {%=id%}Popup.hide();
        }
        
                $('#{%=id%}Okay').on('click', {%=id%}Okay_click);
        })();
    </script></li></ul><a href="javascript:void(0);" class="close-reveal-modal" aria-label="Close Modal">&#215;</a><div class="last-modal-focus focus-utility-element" tabindex="0"></div>
</div>
<script type="text/javascript">
        (function() {
            {%=id%}Popup = new SS.Popup.ModalPopup('{%=id%}');
        })();
    </script>

Skip to main content

Membership Required

Remove From Your Block List

Manage Follow Preferences

Block

Please wait...