Saturday, August 4, 2012

Igihe website infected with malware



It seems that the site igihe.com was infected by a Russian hacker, because igihe.com was redirecting visitors to websites hosted in Russia: http://ilulxak.ru / http://nycaqsy.ru .


We wrote an article on the vulnerabilities found in the igihe.com website some days ago:
http://rwandan-hackers.blogspot.fr/2012/07/igihecom-vulnerable-to-xss.html

I think the hacker used this exploit:

http://www.exploit-db.com/exploits/9448/ [SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit]

https://badwarebusters.org/main/itemview/7997 [more advice here]


I think you’ll find that the site has been compromised because of a leaked password.
Several infections seem to exist on the site.

First of all, check the administrative PC for malware: use multiple AV and malware scanners to check for and remove anything found.

Change the password of the FTP account, preferably from an alternate PC.

Do NOT store the password in your FTP client.

Find and remove the malware that is on the site:
Your .htaccess file may redirect search-engine traffic, so please check the .htaccess file in all folders, including those above the root folder of the site itself.
You've also got a Martuz variant or something similar, so you will likely find iframes or malicious scripts embedded in the various files of your site. Check both normal HTML/PHP files as well as script files.
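A small scanner for the two indicators just described (search-engine referrer redirects in .htaccess, and hidden iframes or third-party scripts in page files), added here as an example and not taken from the original post or the badwarebusters thread; the file contents and the example-bad.invalid host are constructed samples.

```python
import re
from pathlib import Path

# Constructed sample files standing in for a site tree (not real igihe.com content).
SAMPLE_FILES = {
    ".htaccess": (
        "RewriteEngine On\n"
        "RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\\. [NC]\n"
        "RewriteRule ^(.*)$ http://example-bad.invalid/go.php [R=302,L]\n"
    ),
    "index.php": (
        "<?php echo 'hello'; ?>\n"
        "<iframe src=\"http://example-bad.invalid/in.cgi?3\" width=1 height=1 "
        "style=\"visibility:hidden\"></iframe>\n"
    ),
    "about.html": "<html><body><p>Clean page</p></body></html>\n",
}

# Conditional redirect of search-engine referrers: the classic .htaccess cloaking pattern.
HTACCESS_REFERER = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}.*(google|yahoo|bing)", re.I)
HTACCESS_EXTERNAL = re.compile(r"RewriteRule\s+\S+\s+https?://", re.I)
# Hidden or 1x1 iframes, and script tags loading from an external host.
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*(visibility:\s*hidden|width=[\"']?[01][\"']?\b|height=[\"']?[01][\"']?\b)", re.I)
EXTERNAL_SCRIPT = re.compile(r"<script[^>]+src=[\"']https?://", re.I)

def scan_content(name: str, text: str) -> list[str]:
    """Return the indicator labels found in one file's text."""
    hits = []
    if name.endswith(".htaccess"):
        if HTACCESS_REFERER.search(text) and HTACCESS_EXTERNAL.search(text):
            hits.append("htaccess-search-redirect")
    if name.endswith((".html", ".htm", ".php", ".js")):
        if HIDDEN_IFRAME.search(text):
            hits.append("hidden-iframe")
        if EXTERNAL_SCRIPT.search(text):
            hits.append("external-script")
    return hits

def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk a real directory (dot files included) and report files with indicators."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = scan_content(path.name, path.read_text(errors="ignore"))
            if hits:
                findings[str(path)] = hits
    return findings

def scan_samples() -> dict[str, list[str]]:
    """Run the scanner over the constructed samples above."""
    return {n: h for n, t in SAMPLE_FILES.items() if (h := scan_content(n, t))}
```

Treat hits as leads to inspect by hand, since legitimate sites also use external scripts and rewrite rules; review every flagged file and the .htaccess files above the web root.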

When everything has been found and cleaned, you can request a review from Google Webmaster Tools. The review takes a few hours, and if no suspicious activity is found the site will be removed from the suspicious list.

Tools you may find useful, including website scanners:
http://badwarebusters.org/main/itemview/1659#itemblock-3035

Google webmaster tools:
http://www.google.com/webmasters/tools/

Your Diagnostics page:
http://www.google.com/safebrowsing/diagnostic?site=http://igihe.com

The website is under construction

Update at 00:12, August 4, 2012:

I saw that they copied this article to explain the nature of the virus.
Next time do your own work and stop copying ours.

