944spec.org hacked?


chris_venturini

Every time I access the site as of today it takes me to some "anti-spyware/virus" site and wants to install software that I can only assume is malicious.

 

Anybody else experiencing the same thing?


Ok, don't click on the link. And don't click on the fix. THAT said I had 9 viruses. I updated my Norton anti virus and ran it. In reality, I had 1 virus. In other words, the cure IS the virus loader.


Yeah, looks like 944-Spec.org is loading and then redirecting to a scam/virus site. It's not uncommon for malicious websites to masquerade as anti-virus/anti-spyware tools that open pop-ups claiming you have viruses (which they couldn't possibly know at that point), and then you're hosed if you install or use their "solution".


Ken tells me that the site is fixed and he is doing forensics now to find how the hack happened.

 

It should be safe to visit again but (as always) keep your antivirus up to date!


The site was indeed hacked on 9/30 6:41am.

Looks like an admin account might have been compromised.

 

It inserted code in the form of

<?php /**/ eval(base64_decode(".........."));?>

 

which did a redirect, opened up an iframe and played a video simulating a Windows virus infection, hoping the user would think it's real and click on it.

I'm sure Linux and Mac users find it amusing but some Windows users might not realize they got played.

 

I did a global search thru the entire site and removed the offending code and made changes to some files and directory permissions.

 

I know where the attack came from and am still studying how the payload was installed.

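An added example, not part of the original thread or the site's own code: one way to run the kind of global search described in the post above, in Python. It walks a site tree, flags PHP files containing the quoted `eval(base64_decode(` form, and returns each file's modification time so hits can be compared with the reported time of the compromise. The extension list, function names and sample files are assumptions constructed for the illustration.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Matches the injected form quoted in the thread: eval() wrapped directly around
# base64_decode(), tolerating whitespace and /* */ comments between the tokens.
_GAP = rb"(?:\s|/\*.*?\*/)*"
INJECTION = re.compile(
    rb"eval" + _GAP + rb"\(" + _GAP + rb"base64_decode" + _GAP + rb"\(", re.I | re.S)
PHP_EXTENSIONS = (".php", ".inc", ".phtml", ".module")  # assumed list; adjust per CMS


def scan_tree(root):
    """Return sorted [(relative_path, line_number, mtime_utc)] for each match."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXTENSIONS:
            continue
        try:
            data = path.read_bytes()
            mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        for m in INJECTION.finditer(data):
            line = data.count(b"\n", 0, m.start()) + 1
            hits.append((path.relative_to(root).as_posix(), line, mtime))
    return sorted(hits)


def demo():
    """Build a small constructed site tree, scan it, return (path, line) pairs."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files; the payload string is harmless
            "index.php": b'<?php /**/ eval(base64_decode("Y29uc3RydWN0ZWQ="));?>\n',
            "modules/gallery.php": b"<?php\n// ok\nEVAL /* x */ ( base64_decode ( $p ) );\n",
            "about.php": b"<?php echo base64_decode($row['avatar']); ?>\n",
            "notes.txt": b"eval(base64_decode( mentioned in documentation\n",
        }
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return [(p, n) for p, n, _ in scan_tree(root)]


if __name__ == "__main__":
    for found_path, found_line in demo():
        print(f"{found_path}:{found_line}")
```

A match only marks a file for manual review; the scanner never decodes or executes the encoded string.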

Yup - looks like it is still there when accessing the Tech Articles link from the home page.

 

 

Update sent to Ken - but he should see this thread as he's posted in it.


Dear hacker,

One more naughty act and Ken is going to unleash the power of PIXAR on your sorry a$$!

He'll digitize you and re-animate you into a Monster's Inc. character....That's right. One BIG eye in the middle of your face.


It's fixed again.

Left a snare to check for a backdoor and it was tripped and the module located.

The problem with using a content management system is it's only as strong as its weakest third-party components. Working on upgrading components.
