“I want Porsche Turbo.” malware


September 10, 2012

This post is just to contribute a little to the collective knowledge about a scary Apache hijack that’s currently spreading. The hijack, which you can read about here, intermittently injects an iframe into html responses on all sites the server is hosting, with the apparent objective of running browser exploits to compromise the visitor’s computer.

The document which gets loaded into the iframe is often only code that attempts to run Java applets, load corrupt pdf files, etc. But, there’s a Google-able plain-english phrase that is sometimes contained in the document at the iframe’s src, “I want Porsche Turbo.” If that had produced Google results relevant to my issue, I would have tracked it down a few days sooner. So here’s hoping this post helps somebody else…