Malware Signatures

  1. Home
  2. Malware Signatures
  3. html.defaced.muslim_army.001

html.defaced.muslim_army.001

This is a defacement attack conducted by members of the Muslim Cyber Army, mainly from Pakistan. On hacked sites they usually add files like Romantic.html, PK.html, Intruder.html.
It is quite common for them to compromise whole servers when they are not properly secured.

Affecting

Any web site (no specific target).

Cleanup

Restore your site from a clean backup. Deleting all files first is the best option since it will delete all backdoors and other malicious files that
hackers could leave on the server. It is important to identify and close the security hole to prevent recurring attacks. Make sure that file and directory permisions don't allow to create/modify files from other server accounts.
You can sign up with us and let our team remove the malware for you.

Dump

...excerpts from a typical defacement page...

<title>.::[+]|Kicked By Intruder|[+]::.</title>

<script>alert('WELCOME ADMIN');</script>
...
<meta content='[+]Kicked By Intruder [+]' name='description'/>

<link rel="shortcut icon" href="http://i59.tinypic.com/2dhtv2h_th.jpg"/>
...
var tl=new Array(

" | Please Wait . . . . . . . . . . . . . . . . . . . .!!!",
" | System Your Connecting . . . . . . . . . . . . . . . . .Ok!!!",
" | Hello Admin! I Think U Are Thinking What Happened With My Site.",
" | Your Security Result = 100% Down.",
" | Don't Be Panic.",
" | We Rock And U Shock..",
" | Feel The Power of Pakistan.",
"",
" | Pakistan Zindabad"
);
...
!Greetz -: Brilliant , W3b_dR1ft3R , Romantic , X_Federal , BillGate , lllvlll4sT3r X , TH3*BL@CK*C0D3 , Muslim Cyber Army , All Pakistani & Muslim Hackers :- !
...
Intrl_lder@yahoo.com
...
<a href="https://www.facebook.com/muslims.cyberarmy007" target="_blank"><img src="http://i59.tinypic.com/35kip1h.jpg" width="100" height=100" border="0" alt="Muslim Cyber Army"></a>
...
<font face="Tahoma" size="1" color="#FFFFFF">|Feel Power of Pakistan</span></span> |
...