Troj/PHPMod-A: Behind the Troj/JSRedir-R attacks.

0 SophosLabs
by

Yesterday, Onur posted showing how prevalent detections of Troj/JSRedir-R are. Today we have released detection for one of the culprits for the mass-defacement (Troj/PHPMod-A).

The site Unmask Parasites.com has recently blogged on this issue. If you think that your website has been defaced or is being detected as Troj/JSRedir-R then can you please send SophosLabs the following:

  • the .htaccess file(s)
  • any files new files matching image.php
  • and any other file modified on your server.

If your site was infected I suggest that you:

  • Take the site down to protect other Internet users.
  • Replace the contents of the site with a known clean backup
  • Change all password on the site (including FTP credentials)
  • Patch all the sites software
  • Reload the site.

If you have any comments please contact me via sophosblog@sophos.com.

Free tools

Sophos Home

Sophos Home
for Windows and Mac
Hitman Pro

Hitman Pro
 
Sophos Mobile Security for Android

Sophos Mobile Security
for Android
Virus Removal Tool

Virus Removal Tool
Antivirus for Linux

Antivirus
for Linux