[Driftstörning] cdio.org (upal.ita.chalmers.se) intentionally disconnected from the network

[Taz Lodder]

Hi


I received a report via abuse at chalmers.se that users in a University in Dublin are getting malware detections when browsing cdio.org - specifically for HTML/Darkleech.b.


I ran full virus scans (sucuri online and clamscan) of the drupal installs (old and current) on upal.ita.chalmers.se. Six infected files were found, but only in old versions of the site, and were dated between April 2009 and June 2015 so nothing very new.


There were no infected files detected in the served version of the site.


I have quarantined the detected files to /tmp/quarantine and chmod'd 000.


At this stage, due to the tools not finding anything obvious, it feels risky to leave this server connected to the network over the weekend so a forced to drop the network connection and continue investigations on Monday.


I have left a full system virus scan running in a screen session.


Taz

IT-Office
-------------- next part --------------
En HTML-bilaga skiljdes ut...
URL: http://lists.chalmers.se/pipermail/driftstorning/attachments/20161202/dbfeb90c/attachment.html