See: htxp://sitecheck.sucuri.net/results/developerindia.co.uk/hack.html
All content after the < /html> tag should be considered suspicious.
Three av’s flag the malware, Mal_Hifrm, used to deface the site: htxps://www.virustotal.com/file/d6f7766878243dae405e6fb31d5400c413981481ba2454a9a2300ba5d9df97c8/analysis/
Archives for defacements: htxp://www.zone-h.org/archive/filter=1/filter_date_select=today/page=44
and for mentioned example: htxp://www.zone-h.org/mirror/id/17872447
Mal_Hifrm was from 2012-06-06 23:24:03 up and alive, for others see: htxp://labs.sucuri.net/?malware/entry/MW:DEFACED:01
polonus
hack.html is still provided. Zulu does not scan other html pages/html requests inside of an html page.
hack.html is a troll page designed by the hacker (we should not mention the name). I assume if the admin is logged on and attempts to visit their site, they will be redirected to this page, hence that’s what trolls do. The hack.html page in itself is not harmless.
The iframe of youtube.com with the autoplay attribute is so that music appears to play in the background.
Hi !Donovan,
The hack.html page in itself is not harmless.
That quote of yours is valid,
and that is why Bitdefender's TrafficLight blocks me from going there with Google Chrome.
All MS hacks were redefacements, and defaced site was running on: Microsoft-IIS/7.0 powered by: ASP.NET,
polonus
Well in effect a defaced site might not be harmless, but the content should be blocked as soon as possible. I agree that for av it could be a criterium not to flag such sites, other than when additional security risks for a visitor are found. Well, it is good zone-h dot org exists, there should be no reason for online vandalism, web content should be secured, and unauthorized change to a website cannot be tolerated with or without malicious intent,
polonus