Malware Signatures

  1. Home
  2. Malware Signatures
  3. html.defaced.bghh.001

html.defaced.bghh.001

This is a defacement attack conducted by the Indonesian Bengkulu Hacker Team

Affecting

Any web site (no specific target).

Cleanup

Restore your site from a clean backup. Deleting all files first is the best option since it will delete all backdoors and other malicious files that
hackers could leave on the server. It is important to identify and close the security hole to prevent recurring attacks.
You can sign up with us and let our team remove the malware for you.

Dump

...excerpts from a typical defacement page...
<title>Emau Jinak</title>
</head>
<link rel="SHORTCUT ICON" href="http://cantigi.files.wordpress.com/2008/04/indonesia.gif">
...
<body background='http://images2.wikia.nocookie.net/__cb20080716132456/tolololpedia/images/1/12/Hitam.PNG'>
<p align="center"><font size="4">
<br><br><br><img src="http://i43.tinypic.com/2vcbbyf.jpg" height="400px" width="650px">
<div align="center"><center>
<font face='Iceland' size='5' color='red'>Cont<font color='white'>ack Me : </font>
<font face='Iceland' size='4' color='red'><a href="http://www.facebook.com/emau.jinak" target="_blank"><blink><button>Emau Jinak</button></blink></a></br>
...
<marquee><code> z3r00_c00d3r | X-Sec | aLFaction | Ziggy | ZR007 | Angon Pitek | All Member Bengkulu Hacker Team</code></marquee>
...
<embed src="http://www.swfcabin.com/swf-files/1381338103.swf"
pluginspage="http://www.macromedia.com/go/getflashplayer"
type="application/x-shockwave-flash" name="SultanHaikal" quality="High"
base="http://www.m5zn.com/uploads2/2011/12/25/embed/122511091249yixbug4vcqp3g1.swf" width="1"
height="1" bgcolor="#000000">
...