VideoWhisper.com php site hacked

[VideoWhisper.com]

On 15.08.2009 we discovered that our site has been hacked.

Attacker inserted malicious html content that loaded pages from his davtraff com site using invisible iframes probably to generate fake traffic. All index.php, .htm, .html files were corrupted by adding html code with invisible iframes at their end.

Our developers built a script that found and removed all malicious content.
Now Dasient Web Anti-Malware (WAM) shows: 0 infected pages of all 33 pages quick scanned.

PM if you need this php script. It scans all site files for certain strings and code and can also remove certain code. We’ll probably release it to the public domain when this is cleared up and have time to write some small docs for it.

Looks like the source of the problems came from a htmlarea component. Attacker managed to upload a .jpg.php file and various exploits from there. We removed it completely.

Our http://www.videowhisper.com site was also blacklisted today by google/firefox/chrome. We already posted a review request as we found and fixed the problems fast.

http://www.google.com/safebrowsing/d...deowhisper.com shows at this moment:

Quote:

What is the current listing status for videowhisper.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 4 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-08-14, and the last time suspicious content was found on this site was on 2009-08-14.

Malicious software is hosted on 1 domain(s), including davtraff.com/.

This site was hosted on 2 network(s) including AS21844 (THEPLANET), AS36351 (SOFTLAYER).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, videowhisper.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
We removed vulnerability, fixed content, changed passwords, requested review from google.

If you have any suggestions or comments we would be happy to hear those.