That one’s easily caught. Trickier, and with researchers still puzzled as to exactly how it operates, is another that has infected thousands of ‘mom-and-pop’ Apache servers.
According to The Register, the script looks for various vulnerabilities specific to the visiting OS, and when it finds one, it pulls a .mov file from the domain dedicated.abac.net. That in turn invokes a file from bds.invitations.fr, which installs a backdoor on end users’ machines. Victims are unlikely to know they’ve been infected because the installation is clear and seamless, and the malware uses few PC resources. At last check, only three of 33 antivirus programs detected the malware, which appears to be a derivative of the Rbot Trojan.
Some say that it is a variation of JS_IESLICE.AQ. Windows users can look for a file called mosvs8.exe to see whether they’ve been infected.