Website infected with Java exploit

Started by RoyalMess, April 02, 2014, 05:58:56 AM


RoyalMess

Hi there,

I run an SMF website, but I have been approached by a local bank saying a customer of theirs has been infected and the infection came from the site running SMF.
The infection looks like this: https://www.dropbox.com/s/xyqf5hbz4ki8gla/image003.jpg
It only affects IE users with this Java exploit. How did it ever get into the site? All permissions are good and the recent version has been installed for a few days.

The only antivirus that detects something is Nano Antivirus. I installed this in a VM and it found an HTML infection. This antivirus infected the file: smf\mobiquo\site.php

RoyalMess

As far as I have found out now, it appears the Tapatalk plug-in was exploited. Removed the plug-in and appears to be clean now.



RoyalMess

Cleaned up the malicious code that was put in place by someone exploiting Tapatalk and all clear now.

