Saturday, 13 April 2013

A pesky virus

Today, I had to deal with a pesky virus for one of my customers. There were over 2,000 instances of it on their web site, so I wrote a little program to check each file and do a repair. I recall doing the same thing 25 years ago for another virus.

This isn't the first time I've done this. What happens is that the webmaster gets something malicious installed on their Windows computer, and then when they access their web site via FTP, the malicious something installs an exploit on their web site in all the HTML files (and in this case, JavaScript files too) that it can find. It's fairly easy to spot in a file (but it does try to hide itself a bit, by having a whole load of spaces at the beginning of the line, so many file editors won't show it unless you scroll right) and it's easy to remove from a file. But to remove it from 2000 files? I wrote a little remover program and ran it over the whole server (and some others). Only that one customer had the problem (and they have it on other servers too, servers that aren't mine).

I suppose this is just part of the business of using the web.

Do a Google search for String.fromCharCode 0242d5 but DON'T click on any of the links. Most of them have the Google malware warning. There are 345,000 pages found. Here is more information about this thing.
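
The following is an added example, not the remover program mentioned in this post: a Python sketch of a scan-and-repair pass for the pattern described above, a line in an HTML or JavaScript file pushed off-screen by leading whitespace that also calls String.fromCharCode. The 80-character threshold, the extension list and the function names are assumptions.

```python
import re
from pathlib import Path

# Assumption: legitimate indentation never reaches this many spaces/tabs.
MIN_PAD = 80
# Heuristic taken from the post: long leading whitespace hides the line in
# most editors, and the injected script uses String.fromCharCode.
INJECTED = re.compile(rb"^[ \t]{%d,}\S.*String\.fromCharCode" % MIN_PAD)
EXTENSIONS = {".html", ".htm", ".js"}  # assumed set of file types to check


def find_injected_lines(data):
    """Return the 1-based numbers of lines that match the heuristic."""
    return [n for n, line in enumerate(data.splitlines(), 1)
            if INJECTED.match(line)]


def clean_text(data):
    """Return (cleaned_bytes, removed_count); only matching lines are dropped.

    Working on bytes keeps the original encoding and line endings intact.
    """
    kept, removed = [], 0
    for line in data.splitlines(keepends=True):
        if INJECTED.match(line):
            removed += 1
        else:
            kept.append(line)
    return b"".join(kept), removed


def clean_tree(root, apply=False):
    """Walk root and return {path: removed_line_count} for affected files.

    With apply=False (the default) nothing is written, so the report can be
    reviewed before any file is changed.
    """
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        cleaned, removed = clean_text(path.read_bytes())
        if removed:
            report[str(path)] = removed
            if apply:
                path.write_bytes(cleaned)
    return report
```

Run it with `apply=False` first and compare the reported count against a few files checked by hand; a short line that uses String.fromCharCode legitimately is left alone because it lacks the long whitespace prefix.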