sass

One more update, the full name of the trojan is xpladv493[1].wmf I recently saw one other site that it had hit, it isn't very widespread yet apparently.

Just an update: I found a calling card by someone calling himself "Partizan." He links to the following site: http://kizil.org/. I wasn't sure if there was a procedure for reporting these guys or what, but I think he is exploiting our news management system. I'm working on it as we speak. Sass

That's good to know. I still wonder what is telling my site to download the trojan.

I help run bytezandpieces.com, and today while I was fiddling around I noticed that the site is downloading the trojan from the following address: zbzppbwqmm.biz/dl/adv493.php I also noticed the program "webalizer" in my tmp file and wasn't sure if this was related or not. I am not up on script enough to be able to pick out what on my page is causing me to download from this website, and webalizer is open source so I asume it could be used for good or evil. Any suggestions? Thanks, Sass