Hello,
I'm sure not everyone realises that the hacked sites have actual virusses/ trojans in them. Please be carefull.
Downloading it back to your own hard-drive could make your own local OS instable, so it cannot be trusted anymore. Virusscanners and Firewalls act as if they still work (all upgrading and all) yet these upgrading actions are fake, as in it will not add upgrades to the programm anymore since the virus has instructed them to not to.
Trijnie
Downloaded or ftp-ed a backup of your hacked site- have a virus?
Moderator: General Support Moderators
Forum rules
- Trijnie
- Joomla! Enthusiast
- Posts: 187
- Joined: Sun Aug 14, 2005 8:42 pm
- Location: Stadskanaal, The Netherlands
- Contact:
Downloaded or ftp-ed a backup of your hacked site- have a virus?
Last edited by Trijnie on Thu Jul 27, 2006 11:54 pm, edited 1 time in total.
- Michelle Bisson
- Joomla! Ace
- Posts: 1773
- Joined: Fri Aug 12, 2005 12:47 am
- Location: Quebec City, Canada
- Contact:
Re: Downloaded or ftp-ed a backup of your hacked site- have a virus?
Thanks Trijnie for sharing this with us!
Michelle Bisson, POPcliQ, http://www.popcliq.com
Joomla / OSM Trademarks Team Member
Joomla / OSM Trademarks Team Member
- crash777
- Joomla! Explorer
- Posts: 334
- Joined: Sat Sep 03, 2005 1:56 am
- Location: Upstate New York
Re: Downloaded or ftp-ed a backup of your hacked site- have a virus?
Yeah, I backed up several of my hacked sites.. I found a virus in one of them...
My scanner found it though... and quickly deleted it. It was a php file.
stoopid crackers...pfff
My scanner found it though... and quickly deleted it. It was a php file.
stoopid crackers...pfff
Thanks!
Aaron
Aaron
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: Downloaded or ftp-ed a backup of your hacked site- have a virus?
Of all the hacked sites I have been dealing with, only one has had a virus injected into it. It was also the only site that had the database compromised. I downloaded the site and my antivirus found it and deleted it.
All other sites have been subjected to defacing attacks. Those site owners have been lucky.
All other sites have been subjected to defacing attacks. Those site owners have been lucky.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: Downloaded or ftp-ed a backup of your hacked site- have a virus?
Me have Mac, me not know virus.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
- cgraham149
- Joomla! Intern
- Posts: 70
- Joined: Thu Mar 30, 2006 3:48 am
- Location: Northern California
- Contact:
Re: Downloaded or ftp-ed a backup of your hacked site- have a virus?
It is true that anti-virus software will pick those files up as Trojans....because that is what they are and that is what was used to break into so many site with the SQL injection issue.
However, if someone did download a copy to their hard drive and didn't have antivirus, there wouldn't be too much to worry about unless the following were also issues:
1) they were connected directly to the internet - no firewall
2) the machine they downloaded to was also a server running PHP
3) the hacker had the ability to activiate the script which would require them to know what IP address and what directory it was stored in.
These trojans are not self operating. You would have to download it and then run the PHP file. The ones that I have seen do not phone home to let the hacker know you are infected.
It is always better safe than sorry.
Always have updated anti-virus
Always have a firewall
Never run your personal computer as a server connected directly to the Internet
Cheers
However, if someone did download a copy to their hard drive and didn't have antivirus, there wouldn't be too much to worry about unless the following were also issues:
1) they were connected directly to the internet - no firewall
2) the machine they downloaded to was also a server running PHP
3) the hacker had the ability to activiate the script which would require them to know what IP address and what directory it was stored in.
These trojans are not self operating. You would have to download it and then run the PHP file. The ones that I have seen do not phone home to let the hacker know you are infected.
It is always better safe than sorry.
Always have updated anti-virus
Always have a firewall
Never run your personal computer as a server connected directly to the Internet
Cheers