jbekker

I was also using Filezilla. And filezilla save your passwords in clear text.

So after changing all passwords i did not save them anymore in Filzilla

@useshots I blamed the Kryptik because the outbreak occurred after the virus warning popped up on the laptop.

Sven, you’re right its not a WP bug of hole but the initial attack comes from a Trojan on your PC…

After getting you FTP data it changes the index.php and index.html files on the FTP servers…

Did not know about the second step. Fortunately i changed all FTP passwords..

You or someone who also uses your FTP data had got a trojan –> win32/kryptik

This trojan sents all your FTP data and passwords to someone who than uses it to change all index.html and index.php files on your server and adds to the end a string like <img heigth=”1″ width=”1″ border=”0″ src=”http://imgaaa.net/t.php?id=6744753″&gt;
the number at the end changes on every file…

I had it today for a few customers on Joomla sites

John Bekker
SJL Creations