"Remote Data Services Data Control" warning on all my websites ?

[fastdns]

Hi

All my websites are trying to run a malicious code, and AV detects that as Bloodhound or its variant XML_HACK.AO .

The pop up is similar to the one described at :

http://msmvps.com/blogs/spywaresucks/archive/2007/02/06/548681.aspx

I have been frantically searcihng for a clue, but in vain.

Does anyone have an idea what this is and how it is spreading to all the sites ?

 

[Parcye]

I have the same, anybody got any idea how to solve this?

 

[sarhosting]

Have you checked all of your logs?

Is annoymous FTP turned? Have you got a demo account

Do you have anything insure like sql commands, that could cause SQL inject?

As these websites, PHP, Java or have any of these in it?

You could install rkhunter via command like works well for me

 

[Parcye]

What is rkhunter?

I have no demo account.

It looks like it is caused by an old joomla installed by a user.

Managed to fix the effected sites with a perl script that checks all files in home...

 

[sarhosting]

RK Hunter:-

Rootkit scanner

Project information

Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer

http://www.rootkit.nl/projects/rootkit_hunter.html