• http://www.wewatchyourwebsite.com WeWatch

    There are 3 other ways this virus can steal passwords, other than finding the file that stores the saved credentials.

    First, it has been seen as a keyboard logger as well. So even if people don’t store their passwords, they can be stolen.

    Second, the virus is also a sniffer. It sniffs the outbound FTP traffic, and since FTP transmits all data, including username and password, in plain text, it’s easy for the virus to capture the login credentials.

    Third, the virus injects the malscript directly into the outbound FTP stream as it leaves the PC and is headed toward the website. This leaves no out-of-the-ordinary log file entries, as all you see is FTP traffic from a legitimate IP address.

    One other comment. The stolen FTP credentials are not only sent to China; we’ve seen cases where the data was sent to servers in the UK, Russia, Korea and Brazil.

  • http://www.bizmeds.biz Bizmeds

    Interesting, I received this from a client just today.

    “My rankings are one day on page 1 then nowhere. If you do a link:utilities4u.co.uk in Google you will see the pages that Google says link to the site – no other search engines show any links. If you look at the pages the common denominator is a link to abpanama – so Google is (or was, it might have been corrected but I don’t know for sure) somehow being redirected to the utilities site. I have checked all the files (htaccess, robot and all others) and can’t find anything. I also downloaded all the files from the server and searched the code in Dreamweaver for utilities and found nothing. Is there any way there could be a hidden file somewhere?”

    I suspected a malware infection, so I ran the site through Unmask Parasites and it came up clean. Is there an easy way of sourcing out the problem?

  • http://www.michaeljackson-halloweencostumes.com pauly99

    Thanks for the tips. My website was attacked, which made me switch over to Linux for more security.