Here we see the results of a hack of an Apache file named .htaccess
(read redleg’s analysis here: https://www.badwarebusters.org/main/itemview/26675 )
on System Details:
Running on: Apache/2.2.26
System info: (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
as a SE visitors redirects
Visitors from search engines are redirected
to: htxp://flyghtairline.ru/access/index.php
11 sites infected with redirects to this URL
See: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fpantathailand.net%2F
For redirect see: http://labs.sucuri.net/?details=flyghtairline.ru
Blacklisting status: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=pantathailand.net
and http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=flyghtairline.ru/
There is also an iFrame (hidden frameset) going to
<frame name="main" src="htxp://www.ethailandhost.com/panta/index.htm">
without additional malware: http://wepawet.iseclab.org/view.php?hash=5016999753c2685999697d65e36ea289&t=1355950873&type=js
pol