Quote:
Originally Posted by bl4h
oh shit youre right ! http_host is the hostname the client sends to the server so it can be anything ! y those bastards !
|
Exactly...
That's interesting... Early this week I was contacted by one of my trades about a similar issue. He had went to some site that was compromised and it had installed a keylogger on his computer. The typical virus protectors like norton etc. didn't catch it. He was saying you needed something better like Kapersky.
These guys got his server login info and intalled the same thing on his site.. Apparently they seem to have it automated so it will download all the html (probably php as well), install the exploit and re upload them. Happens very fast. It could be that this is another "version" of that.