Feigning normality since 1973
Filed in: Website Management.
OK, A scant couple of days after we upgraded Teaspoon to a more secure version of eFiction, we were hacked into. The hackers used an exploit in eFiction to break in and add some code to one of the files. I have patched the exploit in the version of eFiction on our site, and notified the eFiction authors.
The hacker (who had a Russian IP address) changed a file to insert a 1x1 iframe on every page on the site. The URL they used was malformed and didn't work, but would have pointed at iframebiz.biz, which tried to load a Trojan onto the target's PC.
The registration info on iframebiz.biz is:
I'm presuming he pays hackers to put code onto sites so he can infect PCs for whatever nefarious purpose.
Edit: the eFiction authors have already issued a security patch. :)
Posted December 11, 2005 1:27 PM
Post a comment