@elandgren –
Thank you very much for the detailed information.
At least one of our sites is in the middle of this attack. If you have a moment, I’d like to ask your advice on a few things as we figure out our course of action.
Our programmer said that he discovered it in our FTP, and he’s on a Windows machine. I’m afraid I’ve downloaded some infected files inadvertently, but I’m on a Mac.
1) Does your 99% of Windows users comment mean that it’s Windows-only, or since we’re working on a site in a mixed PC/Mac environment, does that mean that I can be a carrier, or infected, or am I “clean”?
2) I have about 15 FTP credentials for several sites within my Dreamweaver and Interarchy programs – could this infect them even without me logging in? IOW, should I immediately change ALL site FTP credentials?
Trying to triage the issue and figure out what to do.
Thanks again – just knowing that you survived this (albeit in two weeks’ time) is a big relief,