A malware infection detected on servers


A French company which designs and hosts websites was notified by some of its clients that their websites could not be accessed. The company detected a malware infection on some of its servers. Clients trying to access these sites were redirected by the malware to other sites hosted in China.

The goal of the cyber-attackers seems to have been to artificially boost the number of visits to other websites to improve their Google search ranking.


GM Consultant carried out a digital forensic investigation to pinpoint the virus, identify the scope and suggest security measures. The impact analysis showed that more than 100 sites had been compromised by malware that took advantage of the systems vulnerabilities, and that the attack had originated in China. The malware identified by the GM Consultant loss adjuster was removed from the compromised systems and its signature was added to the policyholder’s network protection tools as a preventive measure.