Stec Records was recently attacked using the "exploit blackhole exploit kit", which made its way onto our files on the host for our site, GoDaddy. We're still investigating the problem, but AVG started popping up messages of "exploit blackhole exploit kit" "type( 2724)" threats when a page on www.stecrecords.com was opened. The "Object name" reported by AVG included different web sites associated with the virus but, surprisingly, didn't include the site URL that contained the threat: our site. With countless tabs open and the intermittent behavior of the virus, it took a while for us to realize that it was our own site that had the virus.
This gets the virus off your/our site, but you/we still need to get to the bottom of how they got in and to protect against future attacks. Local copies of files appear to be unaffected by the virus, and the mystery files were not in our local mirror, so either someone is getting in through GoDaddy or via FTP, from either our development computers or another computer with ill-gotten login information. First order of business was to run a virus scan on our development computers, then to change the FTP and other login passwords on the server. No viruses were found on our computers, but we're caching a sampling of the modified files for analysis and for evidence in the eventuality that these people get to "pay the bill", so to speak (both figuratively and literally). The time stamps on the files modified by the virus were spread out over more than an hour, so updating the files on the server gets rid of the problem, at least in the short term.
I know that posting this information is tipping my hand to these virus-ers, but I'm sure there are others out there getting dicked around by these misguided souls.
Please remember Stec Records in your dreams if this post helps you in any way.
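
The post describes a clean local mirror, "mystery files" that exist only on the server, and modification time stamps spread over more than an hour. The following is an added example, not code from Stec Records: it hashes a trusted mirror and a downloaded copy of the server's files and lists what was added or changed, with time stamps. The directory names and sample files are constructed, and it assumes the download preserved the server's modification times.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large media files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map each relative file path under root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_trees(mirror, server_copy):
    """Report where the server copy departs from the trusted local mirror."""
    good, live = index_tree(mirror), index_tree(server_copy)

    def stamp(rel):
        # Modification time of the server-side file, as UTC ISO 8601.
        mtime = os.path.getmtime(Path(server_copy) / rel)
        return datetime.fromtimestamp(mtime, timezone.utc).isoformat()

    return {
        "added": sorted((rel, stamp(rel)) for rel in live.keys() - good.keys()),
        "modified": sorted((rel, stamp(rel)) for rel in live.keys() & good.keys()
                           if live[rel] != good[rel]),
        "missing": sorted(good.keys() - live.keys()),
    }


if __name__ == "__main__":
    # Constructed sample trees; real use passes the mirror and the download path.
    with tempfile.TemporaryDirectory() as tmp:
        mirror, server = Path(tmp, "mirror"), Path(tmp, "server")
        for d in (mirror, server):
            d.mkdir()
            (d / "index.html").write_text("<html>home</html>")
        (server / "index.html").write_text("<html>home</html><!-- changed -->")
        (server / "unknown.php").write_text("constructed placeholder")
        for kind, items in compare_trees(mirror, server).items():
            print(kind, items)
```

Files listed under "added" and "modified" are the ones to copy aside as evidence before re-uploading the clean mirror.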