I just received the following message from one of my providers last night. Any comments?
We have received complaints about content hosted on your VPS at the following URL:
http://www.mydomaine.org/components/com ... index.html
Upon further investigation, we have found additional software in place on your system which was actively used to gather personal information such as logins and passwords for the Bank of America. These files are located at the following location:
/home/virtual/mydomaine.org/webroot/htdocs/components/com_joomlalib/standalone:
---------- 1 root root 161220 Sep 18 12:26 mag.php
---------- 1 root root 8031 Sep 18 12:26 stubjambo.php
---------- 1 root root 72121 Oct 13 08:41 http://www.BankOfAmeria.com-2007.zip
d--------- 3 root root 1024 Oct 13 08:42 http://www.BankOfAmeria.com-2007
---------- 1 root root 183465 Oct 13 09:16 bankofamerica.zip
d--------- 5 root root 1024 Oct 15 07:06 bankofamerica
We have taken steps to disable and remove access to these files. However, it is possible that there are other compromised sites which we have been unable to detect.
The likely source of this compromise is outdated web software which you are running on this domain. In this case, a version of Joomla is running that has known, published vulnerabilities that allow an attacker unauthorized system access.
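
The provider's warning that other compromised sites may remain undetected suggests sweeping every hosted web root for the pattern visible in the listing: an uploaded archive sitting next to the directory it was unpacked into. The following is an added example, not part of the original post or the provider's tooling; the function names, suffix list and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Archive suffixes worth checking (assumed list; extend to suit the host).
ARCHIVE_EXTS = (".zip", ".tar.gz", ".tgz", ".tar", ".rar")


def find_unpacked_archives(webroot):
    """Return sorted (archive, directory) pairs where an archive sits beside a
    directory named after it, as bankofamerica.zip sits beside bankofamerica/."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in filenames:
            ext = next((e for e in ARCHIVE_EXTS if name.lower().endswith(e)), None)
            if ext is None:
                continue
            stem = name[: -len(ext)]
            # A sibling directory with the archive's stem means it was unpacked
            # in place inside a web-served directory.
            if stem in dirnames:
                hits.append((os.path.join(dirpath, name), os.path.join(dirpath, stem)))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample: one kit-style drop and one unrelated backup archive."""
    drop = os.path.join(root, "htdocs", "components", "com_joomlalib", "standalone")
    os.makedirs(os.path.join(drop, "bankofamerica"))
    open(os.path.join(drop, "bankofamerica.zip"), "wb").close()
    os.makedirs(os.path.join(root, "backups"))
    open(os.path.join(root, "backups", "site.tar.gz"), "wb").close()
    return drop


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for archive, directory in find_unpacked_archives(root):
            print("review:", archive, "->", directory)
```

Pointed at the parent directory of all hosted sites, the scan needs read access to every directory it walks, so entries left with no permission bits, as in the listing, are only visible when it runs as root. A hit is a prompt for manual review, not proof of compromise.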