Hedir Review : WARNING! HEDIR Infected with WMF virus!

winterfrost

If you don't have anti-virus you are probably already infected.

Lakhya, it looks like you've been hacked again.

baggeroli · Posted: Tue Jan 03, 2006 4:15 pm Post subject:

Yup, it's a Trojan. KILL KILL KILL!!! Twisted Evil

baggeroli · Posted: Tue Jan 03, 2006 4:19 pm Post subject:

Hmm, it's accessing fiv. bestswf.com and blackh.info

Guest · 100 Hedir Points

This is above the normal html in the page. Was it there before and I never noticed?

Guest · 100 Hedir Points

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system. This issue is not known to be wormable. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

More at http://www.microsoft.com/technet/security/advisory/912840.mspx

Tried to sign in but having trouble I guess.

Signed,
Google Junky

lakhya · Joined: 01 Mar 2005 Posts: 473 15238 Hedir Points

Hi fellow members.

The site is fixed now and we have installed the necessary softwares to avoid these kinds of attacks.

We really regret for the inconvenience

Thanks

Lakhya

AjiNIMC · Joined: 11 Apr 2005 Posts: 516 18600 Hedir Points

Lakhya one of my friend is also facing the same problem, how do I fix it. Please help

lakhya · Joined: 01 Mar 2005 Posts: 473 15238 Hedir Points

Hi AjiNIMC, I had a back and replaced all the files and also given proper permission to the directories. The only way out is to replace the code in each and every file.

winterfrost · Posted: Tue Jan 03, 2006 9:48 pm Post subject:

The website is still completely mangled for me.

baggeroli · Posted: Tue Jan 03, 2006 9:59 pm Post subject:

Yup, for me too. Sad

baggeroli · Posted: Wed Jan 04, 2006 12:01 am Post subject:

Everything normal again.

ADAC · Posted: Wed Jan 04, 2006 1:38 am Post subject:

Another odd problem that I'm wondering might be linked to this virus. It seems that over the last 2 days a click to my site has been generated by every post I have made.

Not that this is bad if this is a person Very Happy

However if this is a person I must be highly fascinating to him/her, the person has went to whats seems to be every post I've made and click to go to my site at least once, sometimes up to 10 times, hundreds of visits over 2 days. Shocked

Señor COOL · Posted: Wed Jan 04, 2006 6:08 am Post subject:

Seems to be okay from this end.

Señor COOL · Posted: Wed Jan 04, 2006 6:27 am Post subject:

One thought though, lakhya:

I don't know if you can "track the hack" as it were, but depending on how it got there (FTP or whatever), there is probably at least one IP associated with it.

Could you compare and match the IP(s) used with any IP(s) from your raw logs during roughly the same time period?

lakhya · Joined: 01 Mar 2005 Posts: 473 15238 Hedir Points

ADAM: Yah, i will try to find out.

ADAC: are you still facing the problem?