Hacker News new | past | comments | ask | show | jobs | submit login

I'd expect the old insecure joomla install was the original source of the infection, the cron was just there to automatically re-infect it without the attacker needing to run the same remote exploit repeatedly

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact