Author Topic: Malware Sites [kadport.com,bios47.com,heiheinn.com]  (Read 4956 times)

0 Members and 1 Guest are viewing this topic.

July 05, 2008, 10:08:36 am
Read 4956 times

amitg27

  • Newbie

  • Offline
  • *

  • 1
Hi,

I have multiple sites hosted on the dedicated server, from the past two weeks i find sites like [kadport.com,bios47.com,heiheinn.com], trying to write to my site [asp and asp.net pages], I am unable to solve this problem inspite of using good anti-virus software [symantec,avg], Can you please suggest me what do i need to do, to get rid of this problem, I mean what is the solution to this. please help

Thanks and Regards
Amit

July 05, 2008, 01:56:08 pm
Reply #1

sowhat-x

  • Guest
...For a description of what's been happening there more or less,read the article here:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Speaking of .asp,also check this recent Microsoft advisory here:
http://www.microsoft.com/technet/security/advisory/954462.mspx
And for a few more "practical" ideas and countermeasures against this attack...
http://isc.sans.org/diary.html?storyid=4615

In short:check for infected scripts hosted in your server/html pages,
and also audit your sql code for entries that shouldn't be there in the first place...