Just thought I'd warn you guys about a forum / WordPress Trojan which is doing the rounds and hit all my sites.
It's basically an SQL injection and a file overwrite Trojan. In most cases you will visit the forum or WordPress blog and have no clue that malicious code is coming down to you through your browser. In my case I had several high quality and respected antivirus, spyware and adware tools in place and not one of them warned me. The only software that reports it is Avast antivirus. Google site checks, AVG, Norton, Symantec, Spybot, Ad-Aware, Comodo... none of them detect this.
So how do you know?
If the forum seems unusually slow and you get a lot of disc activity and what seems like a browser freeze for a few seconds, then that is one warning (and what I got). Alternatively, you can get the Adobe Acrobat plugin failing and an error message popping up.
The worst thing about this trojan is that in most cases it is getting onto a server through the host's security and then attacks every site on that server. In my case the hacker hadn't bothered to try to go through my security and had attacked the PHP server itself. IX webhosting have been hit hard by this and over 1/3rd of all their sites are affected (they are a very big hosting company).
Lastly, you can view the source of a page you suspect, and if you see the text "Yahoo! Counter" and then a load of gobbledygook following it, then that site is infected.
In my case the trojan was ineffectual and fortunately did no damage to any of my site visitors but I think that was just incompetence of the hacker and a bit of luck.
If you get attacked successfully by this trojan it can install various hacks on your machine, one of which is a key logger. It can also place a bogus sysaudio file in your windows/system32 folder. Be careful out here as this one is extremely prolific right now.
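A server-side version of the view-source check described in the post, written as an added example that is not part of the original post: it walks a web root, finds the "Yahoo! Counter" text and flags the file only when what follows looks like an obfuscated block. The window size, thresholds, file extensions and both sample pages are assumptions constructed for illustration.

```python
import os
import re

MARKER = re.compile(r"Yahoo!\s*Counter", re.IGNORECASE)  # marker text named in the post
WINDOW = 600   # assumption: number of characters inspected after the marker
MIN_RUN = 80   # assumption: a whitespace-free run this long counts as "gobbledygook"
MIN_ESCAPES = 20  # assumption: this many %xx / \xNN / \uNNNN escapes is also suspicious
ESCAPES = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl")  # assumption: file types worth checking

def inspect(text):
    """Return one (offset, longest_run, escape_count, suspicious) tuple per marker hit."""
    findings = []
    for hit in MARKER.finditer(text):
        tail = text[hit.end():hit.end() + WINDOW]
        longest = max((len(token) for token in tail.split()), default=0)
        escapes = len(ESCAPES.findall(tail))
        suspicious = longest >= MIN_RUN or escapes >= MIN_ESCAPES
        findings.append((hit.start(), longest, escapes, suspicious))
    return findings

def scan_tree(root):
    """Walk a web root and return {path: findings} for files with a suspicious hit."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits = [f for f in inspect(handle.read()) if f[3]]
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if hits:
                flagged[path] = hits
    return flagged

# Constructed samples, not taken from a real infection: repeated filler stands in
# for the obfuscated block, and the clean page only mentions the marker in prose.
INFECTED = ("<html><body>Forum index<!-- Yahoo! Counter starts --><script>"
            + "%4a%7b" * 40 + "</script></body></html>")
CLEAN = "<html><body><p>We switched from Yahoo! Counter to another stats service last year.</p></body></html>"

if __name__ == "__main__":
    for label, page in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, inspect(page))
```

Because the post says the files on the server themselves were overwritten, run `scan_tree` against the files on disk as well as against fetched pages, and treat a hit as a reason to compare the file with a known-good copy.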