The Roundstorm Virus/Trojan Information

It was a Sunday afternoon, and I was chilling at home with my family when I got a call from a friend saying a website was down – upon investigation something had altered one of the index.php files and it was this that was causing the site not to load.

Upon further inspection I found out that the file in question had 2 lines of text added to the bottom of it, and my findings were not good.

After a scan of that website's account, we found a lot more infected files. Oh dear.

I did some searching, and NOTHING came up on Google. Now I've been “surfing the web” for 16 years, and I've NEVER been unsuccessful in finding what I want on Google – so it must have been BRAND NEW!

A few days later and I managed to find a blog that was discussing the virus, and also talking about the different forms/variations it came in.

After much searching, editing of files, searching, editing of files, altering the search criteria, searching, editing files – we finally have gotten rid of this crap – but it was a long process!

We think the Trojan gains passwords from FileZilla and accesses the sites via FTP, then edits all the JavaScript files and all the index.html, index.php, main.php and maintenance.php files to include some JavaScript redirect-type code.

The overall “point” of the virus is unclear; we could do with some original virus files so we can rip them to pieces and analyse what it's doing.

We do think it's simply a redirect virus that will try and send you to a Viagra site or something – so it's not the worst thing in the world.

It does however block users from viewing your website if they have found it through Google or if they have Virus/Malware/Spyware scanners running all the time on their PC.
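The infection pattern described above (lines appended to the bottom of the JavaScript files and of index.html, index.php, main.php and maintenance.php) can be checked for across a whole web root. This is an added example, not code from the original post; the marker patterns, the function names and the sample files are assumptions, since the injected code itself is not shown on the page.

```python
import os
import re
import sys

# File names the post lists as targets; every *.js file is in scope too.
TARGET_NAMES = {"index.html", "index.php", "main.php", "maintenance.php"}
# Assumed markers: the page does not show the injected code, only that it is
# JavaScript redirect code and that a commenter saw document.write( in it.
MARKERS = re.compile(rb"document\.write\s*\(|<script\b|<iframe\b", re.I)

def is_target(name):
    name = name.lower()
    return name in TARGET_NAMES or name.endswith(".js")

def tail_hits(path, tail_lines=2):
    """Return the last non-blank lines of `path` that contain a marker."""
    with open(path, "rb") as fh:
        lines = [ln for ln in fh.read().splitlines() if ln.strip()]
    return [ln.decode("utf-8", "replace") for ln in lines[-tail_lines:]
            if MARKERS.search(ln)]

def scan_webroot(root, tail_lines=2):
    """Map each suspicious target file under `root` to (mtime, hits)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(is_target, files):
            path = os.path.join(dirpath, name)
            hits = tail_hits(path, tail_lines)
            if hits:
                rel = os.path.relpath(path, root)
                findings[rel] = (int(os.path.getmtime(path)), hits)
    return findings

def write_sample(root):
    """Constructed sample tree: two tampered files and two clean ones."""
    bad = "document.write('PLACEHOLDER-INJECTED-MARKUP');\n"
    sample = {"index.php": "<?php echo 'home'; ?>\n" + bad,
              "js/menu.js": "function menu() { return 1; }\n" + bad,
              "main.php": "<?php echo 'main'; ?>\n<p>ok</p>\n",
              "js/old.js": "document.write('hi');\nvar a = 1;\nvar b = 2;\n"}
    for rel, body in sample.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, (mtime, hits) in sorted(scan_webroot(sys.argv[1]).items()):
        print(mtime, rel, hits)
```

Run it with the web root as the only argument; sorting the output by the leading modification time groups files that were changed in the same FTP session. Only the tail of each file is inspected, so a legitimate `document.write` earlier in a script is not reported.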

Need help getting dis-infected?

Call our BUG SQUASHING helpline on +44(0)1623 650 333 or send us an email!


3 Responses to The Roundstorm Virus/Trojan Information

  1. ALEX79 says:

    I HAVE THIS TROJAN IN MY JS FILES … THIS IS THE BAD CODE:
    document.write(”);
    I HAVE DELETED ALL THIS CODE FROM MY SITE. I HAVE DELETED EVERYTHING BUT I CAN'T INSTALL A FRESH COPY OF WORDPRESS ON MY HOST VLEXOFREE. IT SHOWS 500 INTERNAL ERROR. I CAN'T INSTALL WORDPRESS. WHY?? PLEASE HELP

  2. ALEX79 says:

    THIS IS THE TROJAN CODE IN MY FILES

    document.write(”);

  3. Olly says:

    We can help with this if you require mate?

    We charge £35 per hour and depending on the size of the site and the level of access you have to the hosting we should be able to get it done in a few hours :)
