Malware Signatures

  1. Home
  2. Malware Signatures
  3. html.defaced.hightech_hackteam.001

html.defaced.hightech_hackteam.001

Site got defaced by the HighTech HackTeam.

Affecting

Any web site. Some of their attacks specifically targeted unpatched Joomla sites with the JCE vulnerability

Cleanup

Restore your site from a clean backup. Deleting all files first is the best option since it will delete all backdoors and other malicious files that
hackers could leave on the server. It is important to identify and close the security hole to prevent recurring attacks.
If you use Joomla, make sure to upgrade and fully patch it. Pay a special attention to component and plugins, especially to JCE.
You can sign up with us and let our team remove the malware for you.

Dump

...excerpts from a typical defacement page...

<html><head><title>hackeado por HighTech Brazil HackTeam</title>
</head><body link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF" bgcolor="#FFFFFF">
<!-- Hoje nao tem nada na index pra te zoar velho do caralho, so nos comment aqui kkkkkkk
se abriu essa porra... pau no seu cu viu com muito amor :* !-->
...
<center><img src="http://zone-h.org/images/star.gif"> <img src="http://zone-h.org/images/star.gif"> <img

src="http://zone-h.org/images/star.gif"> <img src="http://zone-h.org/images/star.gif"> <img src="http://zone-

h.org/images/star.gif"></center>
<center><big><big><pre><big>hackeado por <b><i>HighTech Brazil HackTeam</i></b></pre></big></big></big></center>
<center><div class="cont"><pre>por <a href="https://twitter.com/xFellipeCT"><font

color="#000000"><big><i>xFellipeCT</i></big></font></a>
</pre></div>
<center><pre>nos somos
<center><font color="#000000">[ <b>@xFellipeCT</b> - <b>@Thiago_0k</b> - <b>@aceeeeeeeer</b> - <b>@synchr0n1ze</b> - <b>@byCrazyDuck</b> ]<br>[ <b>HighTech Brazil HackTeam SEMPRE!</b> ]</font></center></pre>
...
><br>gr33tz
<center><pre>[ <marquee align="center" direction="left" scrollamount="3" width="441">LLL - Kouback_TR_ - Atena - BL4DE - MasoqFellipe - Conan - Slayer
Owner - M3str3 Root</marquee> ]<pre>
...