More on Troj/JSRedir-AK

Filed Under: SophosLabs

Since first releasing detection (2 days ago) for Troj/JSRedir-AK SophosLabs have seen thousands of websites affected by it. Since blogging yesterday we have seen a few minor variants and have had to update the our detection.

One of the updates has been to detect the malicious script when appended to HTML files within script tags as well as being appended to JavaScript files.

Sophos has been contacting owners of affected websites and one of the main methods for infection is via compromised FTP credentials. My colleague over at the Unmask Parasites. Blog has also reported seeing large numbers of sites affected. Affected websites should:

  • Delete or restore from backup infected files.
  • Patch all software on the box.
  • Change all password especially FTP ones (and restrict FTP access to a minimum).
  • Review logs and policies to prevent another breach.

Merry Christmas and have a Happy New Year.

,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s