X-Cart: shopping cart software


Emerson 10-22-2008 06:02 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Quote:

Originally Posted by finerpeter
The wonderful people at my hosting company Finestshops.com were able to locate all the infected files and they also confirmed as Emerson said that it was through FTP access.

Carrie, you may want your client to run Ad-Aware too, that's what we're doing right now on all of our computers...


But did they do this right after you posted the login info to Qualiteam's helpdesk?
This could be determined by looking at the FTP logs or the timestamp on the files.
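
The file-timestamp check suggested in the post above, as an added example that is not part of the original thread: it lists web files modified inside a date window and marks the ones containing an `<iframe` tag. The extension list, the regex, the function names and the sample tree are assumptions made for illustration; the window uses the October 2008 dates mentioned in this thread.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

IFRAME_RE = re.compile(rb"<iframe\b", re.IGNORECASE)
# Assumed set of web-served file types; .tpl covers Smarty templates.
WEB_EXTS = {".php", ".html", ".htm", ".js", ".tpl"}

def triage(root, start, end):
    """List web files under root modified in [start, end), oldest first,
    as (relative_path, mtime_utc, contains_iframe)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime, timezone.utc)
                if not (start <= mtime < end):
                    continue
                with open(path, "rb") as fh:
                    flagged = bool(IFRAME_RE.search(fh.read()))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            hits.append((os.path.relpath(path, root), mtime, flagged))
    return sorted(hits, key=lambda h: h[1])

def build_sample(root):
    """Constructed sample tree (not data from the thread)."""
    utc = timezone.utc
    samples = {
        "cart.php": (b"<?php /* untouched */ ?>", datetime(2008, 6, 1, tzinfo=utc)),
        "home.php": (b"<?php /* edited, clean */ ?>", datetime(2008, 10, 8, 3, 0, tzinfo=utc)),
        "index.php": (b"<html><IFRAME src='http://placeholder.invalid/' width=0></iframe>",
                      datetime(2008, 10, 8, 3, 5, tzinfo=utc)),
    }
    for name, (body, when) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (when.timestamp(), when.timestamp()))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        window = (datetime(2008, 10, 1, tzinfo=timezone.utc),
                  datetime(2008, 10, 23, tzinfo=timezone.utc))
        for rel, mtime, flagged in triage(root, *window):
            print(mtime.isoformat(), "IFRAME" if flagged else "changed", rel)
```

Modification times can be reset by whoever holds the FTP credentials, so the listing is a starting point to cross-check against the FTP server's own login and transfer logs.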

finerpeter 10-22-2008 06:08 PM

I'm checking into it right now Emerson, it might be that a keylogger was resident on my computer from before.

God help us if the X-Cart support helpdesk is compromised, huh?

For added security we've stopped all the PCs in the office and are only running the Macs.

balinor 10-22-2008 06:13 PM

I dropped a line to Qualiteam to have them look into this as well...

finerpeter 10-22-2008 06:16 PM

No worries from Qualiteam's support help desk.

It seems that these files were modified on our files on October 8, 2008.

What a disaster this is, depending on the computer that was compromised, they could have done away with some serious information if it was a case of keylogging.

Emerson 10-22-2008 06:19 PM

Hmmm, interesting.
Oct 8th seems to be the magic date here as well.
Oct 1st, 8th and 20th.

Now, if this is a keylogger issue, where is this common place where this keylogger has infected all these computers from users that frequent here?

BCSE 10-22-2008 06:57 PM

Yes! It started on Oct 8 for my client as well with subsequent logins on the 9th and 10th.

Carrie

finerpeter 10-22-2008 07:05 PM

Have them check the browser records and let them review what sites were browsed on that date. That's what we're planning to do here on the PCs once the adware and anti-spam software are finished checking the units.

My guess is that if it's a keylogger, then it's from one of those funny video sites that people send around. Our office is an open space so I'm almost 99% sure that it's nothing to do with porn sites but the lads here send back and forth a lot of those "funny accidents" video links so if it's a keylogger, then I'm guessing it's got to be infected through one of those sites.

finerpeter 10-22-2008 07:31 PM

Mates,

We found a site that was visited by one of our computers, www.tvshack.net, which Google is advising has malicious code in it. We're checking to see if the computer that was used to visit it is infected.

Will let you know if it's confirmed.

Jon 10-22-2008 08:08 PM

Kaspersky is picking up the virus as Packed.JS.Agent.r and it looks like it was only added to their virus listing today (October 22): http://www.kaspersky.co.uk/viruswatchlite?hour_offset=-11&search_virus=js

Emerson 10-22-2008 09:22 PM

Their IP has now changed too.
The most recent one is 71.38.117.19

