But just a while ago my anti virus is going crazy... a new .js script file is on the loose on my PC.... and my Anti virus cannot find a way to delete it.... the system is saying VIRUS TREAT MALICIOUS FILE DETECTED... so its time for a dig up to the core of the problem.....
I run a full system scan for my PC but after long hours of waiting nothing happen... the virus is still present.... I tried to used different manual ways to find and delete the virus... and I find it..
it is a .js script file that can do many to your PC... it uses IFRAME to do the task.....
and I see this article from a fellow bloger about this new virus attacks...
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Madrid, April 24, 2008 - PandaLabs has reported a vulnerability in Internet Information Server which is allowing a massive hacker attack. This attack currently affects 282,000 Web pages, and this number could
increase drastically.
This security problem allows hackers to inject SQL code in all the pages hosted on a Web server. This code is designed to redirect all visitors at compromised pages to a malicious website which analyzes systems for vulnerabilities that could be used to download all types of threats.
The situation is exacerbated by the fact that most of the web pages affected show no suspicious signs whatsoever and many of them have numerous visitors.
How to detect if a web page has been manipulated:
Panda Security advises all webmasters with pages hosted on Internet Information Server to check as soon as possible if their web pages have been affected. The procedure is simple, as it involves searching for a specific code string in the source code of the web page, associated to an IFRAME tag. This string is:
..::.. script src="http://www.nihaorr1.com/1.js ..::..
If detected, it should be immediately eliminated and those responsible for administering the server hosting the Web pages should be warned to enable them to implement the corresponding security measures.
Given the large number of Web pages affected, many users could have been infected by all types of malicious code, including new strains as yet unrecognized by security companies. To check if systems are infected, Panda Security advises users to go to http://www.infectedornot.com, and scan their computers, free of charge, with the ActiveScan 2.0 online scanner, a security solution that operates on the basis of 'collective intelligence' and can detect many more threats than any other security solution.
More information is available in the PandaLabs blog:
http://www.pandalabs.com
From http://coisasdehardsoft.blogspot.com/2008/04/virus-alerts-by-panda-security.html
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
of course it will be part of the my collection....
this is how the script is writen......
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
it loads the web page in the src area to the web-page you open....correct me if I'm wrong I think this is the reverse of POP UPS andI it is called pop under....
No comments:
Post a Comment