Insert the following code at the "INSERT" location in the original malicious script. Remove the MIDI exploitation code before execution :)
// Open the output file for the shellcode through FileSystemObject
var fpo = new ActiveXObject("Scripting.FileSystemObject");
var sc = fpo.OpenTextFile("c:\\Shellcode.bin",true);
while(FJWVzIe1.length < aqfvjY5/2) FJWVzIe1 += FJWVzIe1;
var DmxL8 = FJWVzIe1.substring(0, aqfvjY5/2);
NyWLa1[i] = DmxL8+DmxL8+kpemoez4;
This website will give you all the information about hacked/defaced sites. Recently it exposed the e2 Lab scam (earlier associated with Ankit Fadia .. LOL and Double LOL :)
If you analyze the web-logs of the National Software Reference Library, supported by the National Institute of Standards and Technology (NIST), US, especially at "Technical Information–>Missing Files", you'll see lots of RFI (Remote File Inclusion) exploit attempts. All these files contain the strings explained by the SANS Storm Center. Do you know how websites get hacked? Here is a sample hacked site. You can find more hacked sites using this Google dork: "intitle:FaTaLisTiCz_Fx Fx29SheLL". You can also analyse these web-logs and, most important, your own web-logs!! So what do you think about FeeLCoMz?
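For checking your own web-logs, here is an added example (not code from the original post) that flags requests whose query parameters carry an off-site URL, which is the pattern RFI attempts leave behind. The combined log format, the `own_hosts` allow-list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself a remote URL is the hallmark of an RFI probe.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://([^/?#]+)', re.IGNORECASE)


def find_rfi_attempts(lines, own_hosts=()):
    """Return one dict per query parameter whose value is an off-site URL."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        target = urlsplit(m["target"])
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught too
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            r = REMOTE_RE.match(value.strip())
            if not r:
                continue
            host = r.group(1).rsplit("@", 1)[-1].split(":")[0].lower()
            if host in own:
                continue  # return/redirect URL pointing at our own site
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "path": target.path, "param": name,
                         "remote_host": host})
    return hits


# Constructed sample lines (documentation IPs and example.* hosts only).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2009:04:11:02 +0000] "GET /index.php?page=http://files.example.net/id.txt? HTTP/1.1" 404 512 "-" "libwww-perl/5.805"',
    '203.0.113.7 - - [12/Mar/2009:04:11:03 +0000] "GET /view.php?inc=http%3A%2F%2Ffiles.example.net%2Fid.txt%3F HTTP/1.1" 200 1830 "-" "libwww-perl/5.805"',
    '198.51.100.20 - - [12/Mar/2009:04:12:40 +0000] "GET /login.php?return=http://www.example.org/home HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2009:04:12:41 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG, own_hosts=["www.example.org"]):
        print(hit)
```

A hit that was answered with status 200 deserves a closer look at the named script than one answered with 404.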
Websites defaced by R3YR3!!
Both websites are owned by the same person (who has taken a WHOIS privacy service).
R3YR3 is a member of an Indonesian defacers group. It seems another member of the same group, Flyff666, is responsible for the Win32.Sality.aa virus, as detected by Kaspersky, and he himself has given it different names like W32.Sarap.B or W32.Amburadul.Virus, or has taken code from them. Infected files are here, and I think this webserver itself is infected. (The files have double extensions; this virus infects image file formats like JPG, GIF, PNG, etc.)