I need an expert opinion...

[robertharris]

Yesterday a client called saying their anti-virus program detected a virus.  The infected file was named flash.htm.  I was able to check some logs and found that flash.htm was downloaded from 800mg.cn.  A search for 800mg.cn lead me here as 800mg.cn appears on the malware site list.

The download occurred while the client was checking online orders on the company website.  I did more research and found that since 8/15/2008 800mg.cn was accessed every time online orders were checked.  This lead me to believe that the company's website has been hacked.

The web hosting company keeps assuring my client that no credit card information could have been compromised.  I'm not convinced.

I was hoping someone who was familiar with 800mg.cn's method of operation could provide some insight as to what is occurring.

Thanks,

Rob

[JohnC]

There is probably a line of code injected into your companies website, which calls a script from 800mg.cn.

You will need that line of code cleared from all the pages on your site, that have it. And you also need to find how someone got the code into the pages in the first place and remove them.

[robertharris]

Thanks for your input John.  You were right.  It seems we were the victims of this SQL Injection attack.