Author Topic: Malware Sites [kadport.com,bios47.com,heiheinn.com] (Read 7334 times)

amitg27 · July 05, 2008, 10:08:36 am

Hi,

I have multiple sites hosted on the dedicated server, from the past two weeks i find sites like [kadport.com,bios47.com,heiheinn.com], trying to write to my site [asp and asp.net pages], I am unable to solve this problem inspite of using good anti-virus software [symantec,avg], Can you please suggest me what do i need to do, to get rid of this problem, I mean what is the solution to this. please help

Thanks and Regards
Amit

sowhat-x · July 05, 2008, 01:56:08 pm

...For a description of what's been happening there more or less,read the article here:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Speaking of .asp,also check this recent Microsoft advisory here:
http://www.microsoft.com/technet/security/advisory/954462.mspx
And for a few more "practical" ideas and countermeasures against this attack...
http://isc.sans.org/diary.html?storyid=4615

In short:check for infected scripts hosted in your server/html pages,
and also audit your sql code for entries that shouldn't be there in the first place...

Author Topic: Malware Sites [kadport.com,bios47.com,heiheinn.com] (Read 7334 times)

amitg27

Malware Sites [kadport.com,bios47.com,heiheinn.com]

sowhat-x

Re: Malware Sites [kadport.com,bios47.com,heiheinn.com]