Author Topic: Trojan -  (Read 4710 times)

0 Members and 1 Guest are viewing this topic.

February 16, 2011, 02:37:11 pm
Read 4710 times


  • Newbie

  • Offline
  • *

  • 7
Please, add in Your base following domain:

Code: [Select] Trojan
Hacking is going through hole in script GB Top-Directory (
1. XSS-injection with stealing cookies from admin section through this script:
2. Uploading shells on server and inserting JS-code from this page:

Details (in russian) here: - there also decoded version of trojan
Russian support of hosting only deletes scripts but lately its was restored in the same places.


February 16, 2011, 08:21:34 pm
Reply #1


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
I'm sorry, but I can't reproduce what you reported.

hxxp:// just returns a gif image. decodes to
Code: [Select]
<script type='text/javascript'>if (parent.window.opener) parent.window.opener.location='';</script>
<script language="javascript" src=""></script>

Neither hxxp:// nor hxxp:// leads me to any malware.
Ruining the bad guy's day

February 17, 2011, 01:27:11 pm
Reply #2


  • Newbie

  • Offline
  • *

  • 7
This code was inserted into many sites. By abuse it was deleted but lately restored in the same place, that means this code added by owner site.