Recently, a couple of sites hosted with us have been infected with a link to the w32.qakbot trojan.
What is a trojan?
A trojan is a piece of software that is designed to perform harmful actions on a computer.
So how did that happen?
A couple of clients' PCs have been infected with a trojan called qakbot. It may have been downloaded as part of a freeware program, or it may have been downloaded from an infected site.
This trojan allows a hacker to access your PC remotely, log keystrokes and send your information to botnets. This is what has happened in these cases. A keylogger has identified the FTP account and password for a site and has sent the information to a hacker, who has inserted a line of code in every page that has a <BODY> tag. This line of code instructs a server hosting the trojan to install it on the PC browsing the site at that time.
What is HNZ doing about it?
While we have no control over our clients' PCs and antivirus status, nor their habits regarding internet security, we have informed the site owners to check the PCs they use to FTP files to their site. We have also eliminated the offending lines of code from the infected sites, deleted the FTP accounts associated with those sites and changed the passwords for those accounts to more complex ones.
We are also investigating ways of making malicious hacking of our customer sites (by way of infected customer PCs) more difficult.
How do I know if I have a trojan?
You must have a good quality virus scanner installed on your PC, and it must be up to date. The virus scanner, if it's a good one, will detect the trojan before it gets a chance to install on your machine. Without a virus scanner on your PC, surfing the internet would be akin to thinking you can walk barefoot across a mile of hot coals without getting your feet burned.
So what should I do?
We strongly encourage our customers to:
Unfortunately, if the sites we have identified continue to become infected, we will have to disable them from our servers. When a site becomes blacklisted as an attack site, the integrity of the server that it is hosted on is compromised and this will affect other users.
To check if your site is compromised, replace the link at the end of the following URL with your site address:
http://www.google.com/safebrowsing/diagnostic?site=http://www.test.com
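As a complement to the Safe Browsing lookup, the following added example (not HNZ's own tooling) scans a local copy of a site for the pattern described above: the same foreign include in every page that has a <BODY> tag. It assumes the injected line loads remote content through a script or iframe src attribute; the function names, host names and sample pages are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path
from urllib.parse import urlparse

# Assumption: the injected line loads remote content via <script src> or <iframe src>.
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
BODY_RE = re.compile(r'<body\b', re.I)

def is_trusted(host, trusted):
    """True if host equals, or is a subdomain of, any trusted domain."""
    return any(host == t or host.endswith("." + t) for t in trusted)

def find_injected_hosts(pages, trusted):
    """pages: {path: html}. Return {host: sorted paths} for untrusted external
    hosts referenced by every page that contains a <BODY> tag."""
    body_pages = [p for p, html in pages.items() if BODY_RE.search(html)]
    seen = defaultdict(set)
    for path in body_pages:
        for url in SRC_RE.findall(pages[path]):
            host = (urlparse(url).hostname or "").lower()  # relative URLs have no host
            if host and not is_trusted(host, trusted):
                seen[host].add(path)
    return {h: sorted(ps) for h, ps in seen.items()
            if body_pages and len(ps) == len(body_pages)}

def load_pages(root, suffixes=(".html", ".htm", ".php")):
    """Read every page under a local copy of the site's document root."""
    return {str(f): f.read_text(errors="replace")
            for f in Path(root).rglob("*") if f.is_file() and f.suffix.lower() in suffixes}

# Constructed sample: two full pages with the same foreign include, one fragment without <BODY>.
SAMPLE = {
    "index.html": '<html><BODY><script src="http://bad-host.example/a.js"></script>'
                  '<script src="/js/site.js"></script><p>Home</p></BODY></html>',
    "about.html": '<html><body class="x"><script src="http://bad-host.example/a.js"></script>'
                  '<script src="http://static.test.com/menu.js"></script></body></html>',
    "footer.inc.html": '<div><script src="/js/footer.js"></script></div>',
}

if __name__ == "__main__":
    for host, paths in find_injected_hosts(SAMPLE, trusted={"test.com"}).items():
        print(f"{host}: present in all {len(paths)} <BODY> pages -> {paths}")
```

To scan a real copy of a site, pass `load_pages("/path/to/site")` instead of `SAMPLE` and list your own domain plus any third-party services you deliberately include in `trusted`.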