1 post • joined 15 May 2009
I work for a fairly large hosting provider and we're seeing it here too.
Interestingly, we're also seeing a .htaccess being dropped into the root ftp folder which attempts to perform various redirects, set (compromised) custom error docs and calls some perl scripts.
Ammusingly they don't upload the error docs, scripts and their .htaccess is malformed, which simply took the sites offline instead. If the error docs had been correctly uploaded then they'd have spread via the 500 internal server errordoc though.
The reason I mention it is because it's from the same 'straight-in' access from compromised FTP accounts. I cleared out about 15 infections yesterday - of which all logged in first time with the right details.
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- AMD demos 'Berlin' Opteron, world's first heterogeneous system architecture server chip
- Leaked pics show EMBIGGENED iPhone 6 screen
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs