Win 7 Home Security 2012 Hacked My Site with Stolen Password

The same rogue security software program that hit my business partner at the beginning of the month has since hacked CyberbullyingReport.com and three other websites of ours. The program stole the FTP passwords from FileZilla and used them to upload malicious server side scripts designed to load IFrames containing code that exploits weaknesses in browsers to download Win 7 Home Security 2012 to peoples computers.

Fortunately for us the sites compromised were all built using ASP.Net MasterPages which require HTML code to be placed within ContentPlaceHolder tags in order to run. Their program would download our files and append the malicious script to the code already on our index pages (ex:http://cyberbullyingreport.com/bullies/Default.aspx). As a result our visitors would see an error message containing a notice citing the malicious script as the cause of the runtime error. This is good news because if we used normal HTML documents our visitors could have been victimized by the program.