Warning: Iframe based attacks using stolen FTP access info
#51
Re: Warning: Iframe based attacks using stolen FTP access info
First IP was Egypt and now their IP is Phoenix/US - somehow I think the change didn't involve an airplane.
#52
Re: Warning: Iframe based attacks using stolen FTP access info
FYI -
I'm trying to get as much reassurance as I can that this attack is centered only on adding the iframe to index files & not anything else. With Conor's help at Hands-On (they have been very responsive) - I've not only removed all the files with the Iframe "live-counter" code in them - but I've also reviewed every file modified since the Oct 7-8 time frame. I did find a few other files that were replaced - they did not have the iframe code, but someone did modify them on Oct 8th. I also checked the database. I looked at the xcart_config table and did not find anything unusual. Also looked at the xcart_customers table in case there were any unknown accounts added. I have not been able to find any other hack attempts. So - hopefully the attack was not targeting X-CART - they may not have been trying to exploit XCART specifically - instead, just trying to spread their virus using the index files. (fingers crossed). For me - a few files were updated on the 8th. On the 18th, an empty index file at the root was uploaded. Then, on the 22nd, a couple of other files were modified with the iframe code.
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module)
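The review described in post #52 (find files carrying the "live-counter" iframe, then look at everything else modified since the Oct 7-8 window), as an added Python example that is not part of the original thread. The extension list, the cutoff date and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime

# Indicator string comes from the thread; extensions and cutoff are assumptions.
INDICATOR = "live-counter"
WEB_EXTS = {".php", ".html", ".htm", ".tpl", ".js"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def scan_webroot(root, modified_since):
    """Return (injected, recently_modified) lists of paths relative to root."""
    cutoff = modified_since.timestamp()
    injected, recent = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if any(INDICATOR in src.lower() for src in IFRAME_RE.findall(text)):
                injected.append(rel)
            elif mtime >= cutoff:
                # Changed in the window but no matching iframe: manual review.
                recent.append(rel)
    return sorted(injected), sorted(recent)

def demo():
    """Build a constructed web root (sample data, not from the thread) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "index.php": '<?php echo "shop"; ?>\n'
                         '<iframe src="http://live-counter.net/x" width=1 height=1></iframe>',
            "cart.php": "<?php // replaced file, no iframe ?>",
            "old.tpl": "<p>untouched template</p>",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        old = datetime(2008, 9, 1).timestamp()  # predates the attack window
        os.utime(os.path.join(root, "old.tpl"), (old, old))
        return scan_webroot(root, datetime(2008, 10, 7))

if __name__ == "__main__":
    print(demo())
```

File modification times can be reset by whoever holds the FTP credentials, so an empty result does not replace a comparison against a known-good copy of the site.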
#53
Re: Warning: Iframe based attacks using stolen FTP access info
Hi Emerson,
Yes that is exactly what I've seen - just got another one this morning reported to me - an Australian site this time. Further, which I've not seen before, this one I am being told: "there is a message about a Trojan coming up - JS/Kryptik.B Trojan is the threat."
__________________
Paul Dodman e-business & m-commerce consultant w: www.luminointernet.com e: xcart@luminointernet.com Professional X-Cart help, advice, support and services, specialists in Mobile X-Cart.
#54
Re: Warning: Iframe based attacks using stolen FTP access info
Hello,
My name is Dmitry Verbichenko. I'm Qualiteam's CIO. Thank you for bringing this issue to our attention. We already did some preliminary investigation and so far did not find any signs that HelpDesk or other corporate systems were compromised. However, to be absolutely sure we need some assistance from you. Balinor, pauldodman, Emerson, gb2world or anyone who experienced or witnessed such incidents, could you please PM me the company name or license URLs of shops that were compromised? We will do a close inspection of their HelpDesk accounts for suspicious activity or other signs of compromise. Thank you in advance.
__________________
Sincerely Yours, Dmitry Verbichenko Chief Information Officer
#55
Re: Warning: Iframe based attacks using stolen FTP access info
Hi Guys,
One of our clients faced the problem. Here is the issue history: Iframe is added in index file on Oct 8th (the site it refers to is live-counter.net). We traced the log and it was from Egypt. We cleaned up and changed the FTP passwords and other details. Ran the scan and it was OK. Again Oct 20th, again affected. The hosting team traced the IP; the report is "the only IP uploading today has been: 79.133.83.154 via FTP." We cleaned up and changed all the passwords. Let's see what happens in the coming days. We are still investigating. If anyone finds solutions/information, please share here.
__________________
Dongan MercuryMinds Technologies Professional X-Cart Design, X-Cart Development, X-Cart Customization Services www.mercuryminds.com Follow us at Facebook / Twitter
#56
Re: Warning: Iframe based attacks using stolen FTP access info
You guys may want to review this article as well. Our client found it on the zlob virus.
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support!
#57
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
Hello Dongan, Can you please PM me the name of the client who had this issue as it is written in our HelpDesk so I can identify his account. Quote:
This is our corporate proxy. Are you sure that your client did not interact with our support team that day?
__________________
Sincerely Yours, Dmitry Verbichenko Chief Information Officer Last edited by verbic : 10-23-2008 at 06:07 AM.
#58
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
Hi, Sent you a PM.
__________________
Dongan MercuryMinds Technologies Professional X-Cart Design, X-Cart Development, X-Cart Customization Services www.mercuryminds.com Follow us at Facebook / Twitter
#59
Re: Warning: Iframe based attacks using stolen FTP access info
Hi,
Guys, I have just had my FTP accessed as well. They have done the same: installed the iframe on my index pages. Nightmare!!!
__________________
X-Cart version 4.1.3 Blank DVD Blank Cd Blank Media Dvd Case http://www.discworlduk.co.uk
#60
Re: Warning: Iframe based attacks using stolen FTP access info
Quick update
We have done a scan on our server and there is loads all directing to live-counter.net
__________________
X-Cart version 4.1.3 Blank DVD Blank Cd Blank Media Dvd Case http://www.discworlduk.co.uk
X-Cart forums © 2001-2020