February 16, 2010

The malware places the following malware script after the <body> tag of a website's pages:

The malware script can be readded to the website's pages with the following backdoor file loaded onto the website that is placed somewhere in the website:

This malware appears to only affect websites hosted by IX Web Hosting and it is most likely that its insertion into websites is due to a security vulnerability within IX Web Hosting's systems. If you are IX Web Hosting customer who has been infected, we would be interested to know what response you have received from IX Web Hosting about this issue.