IIS site hacked with ww.robint.us malware

Posted by sucuri on Server Fault See other posts from Server Fault or by sucuri
Published on 2010-06-08T21:15:52Z Indexed on 2010/06/08 21:23 UTC
Read the original article Hit count: 311

Filed under:

hacked

A bunch of IIS sites got hacked with a javascript malware pointing to ww.robint.us/u.js.

Google cache says more than 1,000,000 different pages got affected:

http://www.google.com/#hl=en&source=hp&q=http%3A%2F%2Fww.robint.us%2Fu.js

http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

My question is: Did anyone here got hacked with that and still have any logs (or network dump) available for analysis? If you do, have you spotted anything interesting in there?

Sites as big as wsj.com got hacked and some people are saying that maybe a zero-day on IIS/ASP.net is in the wild...

Related posts about hacked

Finding how a hacked server was hacked

as seen on Server Fault - Search for 'Server Fault'
I was just browsing through the site and found this question: My server's been hacked EMERGENCY. Basically the question says: My server has been hacked. What should I do? The best answer is excellent but it raised some questions in my mind. One of the steps suggested is to: Examine the… >>> More
IIS site hacked with ww.robint.us malware

as seen on Server Fault - Search for 'Server Fault'
A bunch of IIS sites got hacked with a javascript malware pointing to ww.robint.us/u.js. Google cache says more than 1,000,000 different pages got affected: http://www.google.com/#hl=en&source=hp&q=http%3A%2F%2Fww.robint.us%2Fu.js http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us… >>> More
Router/Security question: Am I hacked?

as seen on Super User - Search for 'Super User'
Hi, all. I've noticed that my home broadband speed seems to be a bit slow in recent days. I noticed, last night, that my Wireless Router had given a DHCP lease to a public IP address with an odd formation; something like 111.10.11.110. Should I consider these warning sings of my ZyXEL router being… >>> More
Windows Server 2003 Hacked - Files Being Uploaded

as seen on Server Fault - Search for 'Server Fault'
Blank directories are being created on my Windows Server 2003 virtual server with sub directories that are weird (for example: "88ÿ ÿ ÿÿþþ þþ13þ"). It looks like they are uploading bootlegged DVDs and pirated software. All of my bandwidth and file space is being eaten up. Could this be a shared… >>> More
Linux Server hacked?

as seen on Server Fault - Search for 'Server Fault'
I'm trying to determine if this linex webserver/openfire server has been compromised by some form of malware or a hacker. Can you please help me determine if this server has been hacked? The snippet of logs below are from the linux server running apache. A few days ago the moodle site, which is installed… >>> More

Developer IT

IIS site hacked with ww.robint.us malware - Developer IT

IIS site hacked with ww.robint.us malware

hacked

Related posts about hacked

Finding how a hacked server was hacked

IIS site hacked with ww.robint.us malware

Router/Security question: Am I hacked?

Windows Server 2003 Hacked - Files Being Uploaded

Linux Server hacked?

Categories cloud