I have another client’s site attacked by Sejeal. Again I found a “sejeal.JPG” file in the root directory. Client called me saying the hyperlinks don’t work. Browser was giving back 404 error.

I found this article that shed some light on the matter. One of my main tools “JCEditor” has a vulnerability that attackers are exploiting.

http://www.prolateral.com/news-section/news-news/289-has-your-joomla-website-been-hacked.html