
Antivirus 2009 Website Hijack?


5 replies to this topic

#1 Grimward


Posted 31 July 2008 - 07:06 AM

I have had quite a battle with Antivirus 2009 (as so many have) and I have used the advice on this site to sort it out. However, there is a curious problem that I wanted to ask those who know more than I on these issues...

Is it possible for a particular website to 'host' the virus? My partner always gets an Antivirus 2009 popup when she attempts to access 'Justball.net' (a Michael Ball (singer) fansite). She has used the site many times before with no problems...

To check this out I tried to access the site on a different machine and my Nortons blocked it straight away.

I wonder if it is possible for Malware owners to hijack an innocent website to launch attacks on victims?

Edited by Grimward, 31 July 2008 - 07:07 AM.



#2 quietman7


Posted 31 July 2008 - 10:33 AM

These types of infections spread via Internet Relay Chat (IRC) and peer-to-peer networks, visiting underground web pages, adult, gaming or pirated software sites. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The infection also spreads through emails containing links to websites that exploit your web browser’s security holes and by exploiting a vulnerability in older versions of Sun Java. When you click on a link in a Vundo-laced email, Internet Explorer launches a site that stealthily installs the Trojan so that it can run every time you start up Windows.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Grimward


Posted 01 August 2008 - 05:05 AM

The idea of naughty banner ads might be the issue. I was surprised that accessing this 'innocent' website (I cannot imagine that the owners would purposely install malware) would produce an attack. The first time I tried to access it on a different machine (that had not been there before) all sorts of alarms went off.

I still wonder if the owners of the site have been infiltrated in some way. The people who would view this site (mostly older ladies) would be prime targets for 'scary' pop-ups. My partner at least had me to call.

#4 DaChew


Posted 01 August 2008 - 05:28 AM

that site's been hacked all right

I googled it with firefox w/noscript

Google gave me a go ahead (check mark)

scanner power antivirus popped up, no Michael Ball

McAfee SiteAdvisor gives it a big question mark

visualroute traces it to the heart of Russia

My machine is squeaky clean
Chewy

No. Try not. Do... or do not. There is no try.

#5 DaChew


Posted 01 August 2008 - 05:32 AM

STD Group Inc
5715 Will Clayton #3712
Humble, TX 77338
US

Domain name: SITEGROUND144.COM


Administrative Contact:
Ivanov, Mihail mivanov@siteground.com
5715 Will Clayton #3712
Humble, TX 77338
US
+1.800828923 Fax: +1.8662278564

Technical Contact:
Ivanov, Mihail mivanov@siteground.com
5715 Will Clayton #3712
Humble, TX 77338
US
+1.800828923 Fax: +1.8662278564



Registration Service Provider:
mivanov@siteground.com
18008289231


that fan site is registered to a Russian, I think it's a scam
Chewy


#6 Rick-F


Posted 10 August 2008 - 11:04 AM

<snip>
Is it possible for a particular website to 'host' the virus? My partner always gets an Antivirus 2009 popup when she attempts to access 'Justball.net' (a Michael Ball (singer) fansite). She has used the site many times before with no problems...

To check this out I tried to access the site on a different machine and my Nortons blocked it straight away.

I wonder if it is possible for Malware owners to hijack an innocent website to launch attacks on victims?


I think so. I've run into a site that looks like it's been hacked to show pop-ups for 'Power Antivirus2009'. At first I thought my PC was infected, but all scans (MalwareBytes included) come up clean. The only time I've seen the pop-up was when I googled (Yahoo or LiveSearch) for "Okeechobee Steakhouse". When I click the interlock on my firewall, I see a ZoneAlarm alert showing an address that points to St. Petersburg, Russia.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr SP-2; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; IE-6.0; OE-6; ZA-7.0.302; avast 4.8.1229 (latest)

Use the most powerful AV product available = "Common sense"



