Igihe website infected with malware

Saturday, August 4, 2012

Igihe website infected with malware

It seems that the site igihe.com was infected by a Russian hacker
because igihe.com was redirected to a website host in Russia http://ilulxak.ru /http://nycaqsy.ru .

We wrote an article on vulnerabilities found in igihe.com website some days ago
http://rwandan-hackers.blogspot.fr/2012/07/igihecom-vulnerable-to-xss.html

I think the hacker used this exploit

http://www.exploit-db.com/exploits/9448/ [SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit]

https://badwarebusters.org/main/itemview/7997 [more advice Here ]

I think you’ll find that the site has been compromised because of a leaked password.
Several infections seem to exist on the site.

First of all, check the administrative PC for malware, use multiple AV and Malware scanners to check and remove any found.

Change the password of the FTP, preferably from an alternate PC.

Do NOT store the password in your FTP client.

Find and remove the malware that is on the site:
Your .htaccess file may redirect search engine traffic, so please check the .htaccess file in all folders including above the root folder of the site itself.
You’ve also got a Martuz or variant thereof, so you will likely find iframe or malicious scripts embedded in the various files of your site. Check both normal html/php file as well as Script files.

When all is done and found, you can request a Review from Google Webmaster Tools. This review will take a few hours, but if no suspicious activity is found, then the site will be taken off the suspicious list.

Tools you may find useful, including website scanners:
http://badwarebusters.org/main/itemview/1659#itemblock-3035

Google webmaster tools:
http://www.google.com/webmasters/tools/

Your Diagnostics page:
http://www.google.com/safebrowsing/diagnostic?site=http://igihe.com

The website is under construction

update at 00:12 August 4, 2012:

I saw that they copy this article to explain the nature of the virus

next time do your work and stop copying our work

http://www.igihe.com/igihe-com/the-igihe-project/ubutumwa-bwo-kwisegura-ku-bakunzi-ba-igihe-com.html

3 comments:

UnknownAugust 5, 2012 at 8:14 AM
This comment has been removed by a blog administrator.
ReplyDelete
Replies
Rwandan hackersAugust 12, 2012 at 12:59 PM
you rage nigga ????
ReplyDelete
Replies

Add comment

ABOUT ME

Name : Cyuzuzo A.

Sex : Male

Relationship Status : Single

Age:16 years old

Nationality: Rwandese

Languages : PHP, Asp, SQL, HTML, Java, perl, HTML/kinyarwanda/Francais/English/

Activities : Information technology, Twitter, Hacker,Facebooking, Blogging

Some less known facts About me:
• Single Digit Addition and subtraction
• Knowledge of alphabets from A- Z
Both In Caps And Smalls
• If you provoke me..I could probably count upto Ten
• Special knowledge of the "F" word.
• Can also sing the national anthem
• I m Allergic 2 Studies of all kinds.
• I hate Flirty Girls.
• I drink equal quantity of pepsi and water in a day