malware planted on wheregoes.com

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

malware planted on wheregoes.com

Postby NotBuyingIt » Thu Apr 21, 2011 11:04 pm

I just read this message on the homepage of the very useful site wheregoes.com

WARNING:
Wheregoes' homepage was hacked and set to download a file from hXXp://782308434/jb.jar to every visitor's computer. If you have visited the site between April 14 and April 21, then please check your computer for viruses (I believe the virus involved might be Lofog!gen3). The homepage is now safe. Keep writing to me with your feedback - I wouldn't have found out about this if a user hadn't let me know that the site was crashing.


(Edit: munged "http" in the quotation.)
Last edited by NotBuyingIt on Fri Apr 22, 2011 10:35 am, edited 1 time in total.
NotBuyingIt
Spammer Killing Machine
 
Posts: 607
Joined: Sun Jun 13, 2010 5:22 pm

Re: malware planted on wheregoes.com

Postby Benzyl » Fri Apr 22, 2011 8:47 am

That certainly helps to explain why, when I visited the site for the last week or so, every browser I used crashed (apart from Safari). I thought that they had modified the scripts but their frontend looks pretty script free, at least until you click the button. I had checked the page source but couldn't work out the domain format of the hxxp://782308434 address.
Ruffian antics are a wrench in society's gears
User avatar
Benzyl
Spam Muncher
 
Posts: 889
Joined: Wed Jan 03, 2007 10:19 am
Location: North Britain

Re: malware planted on wheregoes.com

Postby NotBuyingIt » Fri Apr 22, 2011 10:31 am

Benzyl wrote: I had checked the page source but couldn't work out the domain format of the hxxp://782308434 address.

782308434 is: 46.161.20.82 according the the handy IP address conversions tools at
http://www.mydnstools.info/long2ip
NotBuyingIt
Spammer Killing Machine
 
Posts: 607
Joined: Sun Jun 13, 2010 5:22 pm


Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest