×

First time here?

You are looking at the most recent posts. You may also want to check out older archives. Please leave a comment, ask a question and consider subscribing to the latest posts via RSS or email. Thank you for visiting!

last week (early last week) i was helping a client who's machine had been infected with a hack that was adding footers in the iis configuration of a site.  what this was doing was outputing javascript that was attempting to insert the download.ject virus on user machines that visited the site.

*last week* i noticed it and the companie's a/v software (mcafee) noticed it as JS/Exploit-DialogArg.B variant (not Download.Ject).  my a/v soft (norton desktop) didn't even notice it.  I could not find any information on the JS/Exploit-DialogArg.B virus def except on mcafee's site stating an “extremely low” warning.

guess what...it wasn't that “extremely low” -- as now download.ject (same thing) is all over the place...and this server *had* the appropriate suggested service pack from ms on it already.  i admit, the clients machine looked like a different hack to get in, but i found it interesting that just now a/v corps are heightening the threat...i contacted both symantec and mcafee with the copy of my variant and they responded with “this is already been designated a low warning as microsoft already has patches that solve this” -- argh.



DISCLAIMER:

The opinions/content expressed on this blog are provided "ASIS" with no warranties and are my own personal opinions/content (unless otherwise noted) and do not represent my employer's view in any way.