Author Topic: bytes dot com hijacked  (Read 5651 times)

Offline zenzor

  • Jr. Member
  • Posts: 80
bytes dot com hijacked
« on: January 27, 2013, 07:44:30 AM »
Looks like bytes dot com has been hijacked, it redirects to a Russian porn site with some malicious stuff on it. Avast did catch it though, as usual...


Offline Pondus

  • Probably Bot
  • Posts: 37643
  • F-Secure user
Re: bytes dot com hijacked
« Reply #1 on: January 27, 2013, 10:50:13 AM »
Zulu analyzer
http://zulu.zscaler.com/submission/show/97b0f666be40d356d5da948fc1ba005f-1359280000

If you think this is wrong you can report it here: http://www.avast.com/contact-form.php
You may add a link to this topic in case they reply.


Offline zenzor

  • Jr. Member
  • Posts: 80
Re: bytes dot com hijacked
« Reply #2 on: January 27, 2013, 11:58:44 AM »
OK, thanks.

But it's still hijacked, isn't it?


Offline Pondus

  • Probably Bot
  • Posts: 37643
  • F-Secure user
Re: bytes dot com hijacked
« Reply #3 on: January 27, 2013, 12:29:58 PM »
> OK, thanks.
>
> But it's still hijacked, isn't it?

It does not redirect my iPad.....
Do you have problems with other websites?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 76029
    • >>>  Avast Forum - German-language section  <<<
Re: bytes dot com hijacked
« Reply #4 on: January 27, 2013, 12:36:26 PM »
> > But it's still hijacked, isn't it?
>
> It does not redirect my iPad.....

No avast! warning and I don't get redirected either.
-> http://sitecheck.sucuri.net/results/bytes.com
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline zenzor

  • Jr. Member
  • Posts: 80
Re: bytes dot com hijacked
« Reply #5 on: January 27, 2013, 01:07:50 PM »
Well here's a screenvideo of what I get:

http://miscfiles.net/temp/0001/bytescomvir

XP SP3, IE8, AIS 6.0.1367

No problems with other websites so far.
« Last Edit: January 27, 2013, 01:10:48 PM by zenzor »

Offline Pondus

  • Probably Bot
  • Posts: 37643
  • F-Secure user
Re: bytes dot com hijacked
« Reply #6 on: January 27, 2013, 01:15:11 PM »
Just tested on a computer with IE and Opera..... no redirect

Maybe you should take a malware check here....

Follow the guide and attach the requested logs..... http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

When done, a removal specialist will be notified and help you. It may take hours before he arrives, so be patient.

« Last Edit: January 27, 2013, 01:16:50 PM by Pondus »

Offline zenzor

  • Jr. Member
  • Posts: 80
Re: bytes dot com hijacked
« Reply #7 on: January 27, 2013, 01:17:21 PM »
Where is "here"?  :D

Edit. Oh, sorry. For some reason part of your message was missing the first time I read it. Strange.

Offline Pondus

  • Probably Bot
  • Posts: 37643
  • F-Secure user
Re: bytes dot com hijacked
« Reply #8 on: January 27, 2013, 01:20:56 PM »
> Where is "here"?  :D
>
> Edit. Oh, sorry. For some reason part of your message was missing the first time I read it. Strange.

Because I edited the post and added that some minutes later.  ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33980
  • malware fighter
Re: bytes dot com hijacked
« Reply #9 on: January 27, 2013, 05:49:21 PM »
Could be this is a swfobject.registerObject("csSWF", "9.0.115", "expressInstall.swf"); malware with non-patched software (see code line 13)
Shockwave Flash malware... “Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability”
The site gives a conditional redirect to htxp://miscfiles.net/temp/0001/bytescomvir/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline zenzor

  • Jr. Member
  • Posts: 80
Re: bytes dot com hijacked
« Reply #10 on: February 09, 2013, 05:33:13 PM »
> Just tested on a computer with IE and Opera..... no redirect
>
> Maybe you should take a malware check here....
>
> Follow the guide and attach the requested logs..... http://forum.avast.com/index.php?topic=53253.0

Well looks like RogueKiller got rid of it. Thanks very much! :)


Offline zenzor

  • Jr. Member
  • Posts: 80
Re: bytes dot com hijacked
« Reply #11 on: February 09, 2013, 05:34:59 PM »
> Could be this is a swfobject.registerObject("csSWF", "9.0.115", "expressInstall.swf"); malware with non-patched software (see code line 13)
> Shockwave Flash malware... “Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability”
> The site gives a conditional redirect to htxp://miscfiles.net/temp/0001/bytescomvir/
>
> polonus

Not sure what you mean here - is there something wrong with the video I uploaded?