Javascript in blog comment submissions

I have had a problem with blog comment submissions to our site. Something is adding in this code with javascript tags: if(typeof(dstb)!= "undefined"){ dstb();}  
If I search the web I find it in many forum type submissions - but no description of what it is or any reference  to it as a virus/worm problem.
 I can't find it in any source code that our site is using. It might be associated with pasting Word code into a textarea box in IE8, but that is just a guess.
Does anyone recognize what it is?

<script type="javascript">if(typeof(dstb)!= "undefined"){ dstb();}  </javascript>

Open in new window

Who is Participating?
shalomcConnect With a Mentor CTOCommented:
I an not 100% sure what code the dstb object includes, but it looks like phase II of an attack on your blog.
dstb is probably part of the infection package, and this javascript will trigger it if it has infected your web site.

you should scrub all submissions to your blogs and forums for malicious content like this. At the very least, upgrade your blog software to the latest versions regularly, because all active blogs and forums packages are regularly maintained to protect against such attacks.

If you use apache and control your own server, set up mod_security. If you are in a shared environment, ask your ISP if mod_security is installed and enabled.

asaworkerAuthor Commented:
It turns out we have a user internally who uses our web-based portal to access out forms. That web-based portal adds that into everything, even e-mails if you view the body.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.