2009/8/7 Raja Subramanian <rajasuper...@gmail.com> > On Thu, Aug 6, 2009 at 10:36 PM, Anand <anand.eter...@gmail.com> wrote: > > Was it by any chance a gumblar.cn or related worm? > > Similar. But I can't recollect if it was the same. > > - Raja > _______________________________________________ > To unsubscribe, email ilugc-requ...@ae.iitm.ac.in with > "unsubscribe <password> <address>" > in the subject or body of the message. > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc >
Yeah a friend of mine got that too. A worm called martuz.cn (a gumblar family worm) It infects the site through compromised ftp credentials (Which comes in through a malformed pdf. So disable javascript in adobe reader). Clean the computer from which you upload your files - both sophos security suite and kaspersky internet security do a very good job at this. Once you are sure that your uploading computer is clean, change the ftp password. Also, if the site is infected, this script<http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/comment-page-1/#comment-896>will automatically disinfect the pages. I think that thread also contains lots of useful comments on how to automatically detect infection. -- Anand _______________________________________________ To unsubscribe, email ilugc-requ...@ae.iitm.ac.in with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
