Sent: 02 August 2012 11:52 AM
To: 'CIRCLE Windows'
Subject: RE: [Ticket ID: malware detected
It just happened again, but google didn’t block me this time. But these sites are now broken :
while investigating, I saw that yyy.co.za was redirecting to …./runforestrun?sid=boten_api… which shouldn’t happen.
Looks like the malware replaces all JS files. Attached are the one that has been infected, and the other is normal.
According to the internet, it is malware attaching itself to the JS. Please read here
“Most probably, it spreads through the recent vulnerability in Plesk Panel<http://kb.parallels.com/en/113321>, so we would like to appeal to every web administrator and every hosting provider to update the Plesk software on their servers to the newest version, apply all the security patches and change the passwords to all the FTP/SFTP/SSH accounts as soon as possible.”
Please let me know once you have fixed this vulnerability, because this is unacceptable.
Please assist urgently!