How to mass Search & Replace in text files.

[Lance F. Squire]

Jamon Camisso wrote:

> Lots of different ways to solve this problem it sounds like. Why don't 
> you post a sample segment of infected code e.g. between your 
> <body></body> tags on somewhere like pastebin.ca (or in an email if 
> people agree).
> 
> I propose that with said code, anyone on the list who is interested 
> write a program/script/command etc. to solve said problem and submit 
> them somewhere -- we could try doing everything through the wiki, 
> starting with the sample code.
> 
> Then after a few submissions we have a vote in which solution is the 
> best for x,y,z reasons etc. Submissions could be anonymous or attributed.
> 
> Any takers?
> 
> Jamon

Sounds like an Idea.

The offending JS is identified as:

trojan horse "JS:Redirector-H [Trj]"

It has infected 154 files on one site. I'm guessing the guy who edits 
the sites computer was/is infected.(I'm sure he is looking at that now.)

The script is actually between the </head> and the <body> tags. Actually 
outside of either.

If someone has already experienced this, others I'm sure would like to know.

Google only turned up how to un-infect your Windows client. I could find 
nothing of easy removal from multiple web pages... (Maybe I'm not 
searching right...)

I'll pastbin the code:

http://pastebin.ca/1409588

Lance
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists