Web Host Companies Shared Hosting Servers Attacked by Malicious PERL Script

March 15, 2005 - (HOSTSEARCH.COM) – The Internet Storm Center (ISC) reported yesterday that a number of web hosting companies that provide shared hosting had their servers exploited and all of their customer homepages modified so that visitors are attacked.

“In one case, a Perl script was used to modify each customers homepage with the additional IFRAME snippet that fellow handler Lorna had already reported in the diary two days ago. The Perl script reads in the web server configuration (httpd.conf) on a compromised server, and then appends the malicious iframe code to all the index.html pages of all the virtual hosts available on this server. The same reader who managed to isolate this script has also contributed a script written by himself to clean up the affected pages,” said Daniel Wesemann on the ISC site, “If successful, the exploits drop either of two files "mhh.exe" or "sr.exe", both of which so far are only recognized by Kaspersky and called (not-a-virus:AdWare.ToolBar.SearchIt.h). The files have been submitted to the other AV vendors.”

blog comments powered by Disqus

Add HostSearch to

Find Web Hosting News

Search:

Web Hosting News Archive:
2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998

DotBlock VPS Hosting
Double RAM & $1 Trial Period - Promo Code '15DAY'
HostGator - $4.95/mo
350GB Disk Space 3000GB Bandwidth
3 Months FREE Hosting
3 Months FREE Web Hosting Offer &Unlimited Traffic
Constant.com
100% Uptime Discount Server Hosting
Superb.Net FREE Hosting
6 Months FREE! Packages starting at $4.99
Green Geeks Hosting
World's #1 Eco-Friendly Green web hosting company