Y
Hacker News
new
|
ask
|
show
|
jobs
by
stusmall
4952 days ago
In this article it shows a few ways to check. Apparently they did a poor job of covering their tracks and ps will show you a kernel thread of get_http_inj_fr
http://blog.crowdstrike.com/2012/11/http-iframe-injecting-li...