Full Disclosure: Re: what is this?

Re: what is this?

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 14 Jan 2008 12:34:48 +0300

Dear crazy frog crazy frog,

  Clear  your  computer  from  trojan,  change FTP password for you site
  hosting  access,  because it's stolen, access your hosting account via
  FTP  and remove additional text (usually at the end of the file, after
  </html>) from all HTML/PHP pages.

--Sunday, January 13, 2008, 7:01:34 PM, you wrote to full-disclosure () lists grok org uk:

cfcf> Hi,

cfcf> Recently on opening one of my site,my antivirus pops up saying that it
cfcf> has found on malicious script.the url is random and i have managed to
cfcf> get tht script.it is using some flaw in apple quick time.
cfcf> u can get the zip file for java script here:
cfcf> http://secgeeks.com/what.zip
cfcf> password is 12345
cfcf> can somebody guide/help me what is this and how can i remove it?



-- 
~/ZARAZA http://securityvulns.com/
Стреляя во второй раз, он искалечил постороннего. Посторонним был я. (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

what is this? crazy frog crazy frog (Jan 13)
- Re: what is this? crazy frog crazy frog (Jan 13)
  - Re: what is this? Robert McArdle (Jan 14)
- Re: what is this? 3APA3A (Jan 14)
  - Re: what is this? Nick FitzGerald (Jan 14)
    - Re: what is this? crazy frog crazy frog (Jan 14)
    - Re: what is this? 3APA3A (Jan 14)
- Re: what is this? Robert McArdle (Jan 14)
  - Re: what is this? Robert McArdle (Jan 14)
- Re: what is this? Jose Nazario (Jan 14)
  - Re: what is this? crazy frog crazy frog (Jan 14)
  - Re: what is this? 3APA3A (Jan 14)
  - Re: what is this? Mario Contestabile (Jan 14)
- Re: what is this? Gadi Evron (Jan 14)

(Thread continues...)