theregister.co.uk — More than 40,000 websites worldwide have fallen under the spell of a sneaky piece of attack code that silently tries to install malware on the machines of people who visit them, security experts from Websense have warned. The mass attack has been dubbed Beladen because beladen.net is one of the internet domains used to unleash a swarm of exploits
Jun 2, 2009
pooper0 Jun 3, 2009
clean....get paid..... reinfect....repeat
highgeere Jun 3, 2009
That's not correct. Remote users and/or infected members of botnets connect to FTP accounts using captured (keylogged/sniffed) FTP account credentials and target hostnames/IPs. You can see it in FTP logs clear as day. Sometimes they modify files based on extension (.htm*, .php) and sometimes filename (*index*). Are you suggesting that malware on PCs injects javascript into all text files in the hope that one or more will be uploaded to a webserver?
keyo Jun 3, 2009
Why do people not use sftp?
jemka Jun 4, 2009
@highgeere, I'm suggesting that the files I was working on, on my local machine, had the said iframes. However, the files on my web server did not. "Are you suggesting that malware on PCs injects javascript into all text files in the hope that one or more will be uploaded to a webserver?" Not all text files, but htm and html for example, absolutely. Are you suggesting it's a shot in the dark? If you don't have a versioning system or any type of svn protection, that's exactly what can happen. Statistically there will be more users that have access to the FTP accounts than have local copies of the website's source files, but I don't believe malware authors would ignore the possibility of infecting local copies. Obviously that is the case with the author of the program that I was infected with.
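
Added example, not part of the thread: one way a site owner could surface the pattern highgeere describes in FTP logs, where a single remote host logs in with valid credentials and rewrites many web files in a short time. It assumes the server writes the standard xferlog format; the sample lines, the `known_hosts` allowlist and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatch
import posixpath

# File-name patterns named in the thread: by extension and by name.
WEB_PATTERNS = ("*.htm*", "*.php", "*index*")

# Constructed sample in xferlog format (documentation IPs, made-up account).
SAMPLE_LOG = """\
Tue Jun  2 09:14:03 2009 1 198.51.100.7 5120 /home/acme/public_html/about.html a _ i r acme ftp 0 * c
Tue Jun  2 21:40:11 2009 1 203.0.113.45 5342 /home/acme/public_html/index.html a _ i r acme ftp 0 * c
Tue Jun  2 21:40:12 2009 1 203.0.113.45 2210 /home/acme/public_html/contact.php a _ i r acme ftp 0 * c
Tue Jun  2 21:40:14 2009 1 203.0.113.45 8800 /home/acme/public_html/shop/index.php a _ i r acme ftp 0 * c
Tue Jun  2 21:40:15 2009 1 203.0.113.45 4096 /home/acme/public_html/logo.png b _ i r acme ftp 0 * c
Tue Jun  2 21:41:00 2009 1 203.0.113.45 5120 /home/acme/public_html/about.html a _ o r acme ftp 0 * c
"""

def parse_xferlog(text):
    """Yield (time, host, path, direction, user, status) per well-formed line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 18:
            continue  # skip blank or malformed lines
        when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
        yield when, f[6], f[8], f[11], f[13], f[17]

def find_upload_bursts(text, known_hosts, min_files=3, window=timedelta(minutes=5)):
    """Flag (user, host) pairs where a host outside known_hosts (hypothetical
    per-user allowlist) uploaded min_files distinct web files within window."""
    uploads = defaultdict(list)
    for when, host, path, direction, user, status in parse_xferlog(text):
        name = posixpath.basename(path)
        if direction == "i" and status == "c" and host not in known_hosts.get(user, ()) \
                and any(fnmatch(name, p) for p in WEB_PATTERNS):
            uploads[(user, host)].append((when, path))
    alerts = []
    for (user, host), events in uploads.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = {p for t, p in events[i:] if t - start <= window}
            if len(burst) >= min_files:
                alerts.append({"user": user, "host": host, "first": start, "files": sorted(burst)})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_upload_bursts(SAMPLE_LOG, {"acme": {"198.51.100.7"}}):
        print(alert)
```

An alert here is a prompt to rotate the account's FTP password and diff the listed files against a known-good copy, which also covers the case jemka raises of local copies being altered.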