Author Topic: bytes dot com hijacked (Read 5571 times)

zenzor · « **on:** January 27, 2013, 07:44:30 AM »

Looks like bytes dot com has been hijacked, it redirects to a russian porn site with some malicious stuff on it. Avast did catch it though, as usual...

Pondus · « **Reply #1 on:** January 27, 2013, 10:50:13 AM »

zulu analyzer
http://zulu.zscaler.com/submission/show/97b0f666be40d356d5da948fc1ba005f-1359280000

if you think this is wrong you can report it here. http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply

zenzor · « **Reply #2 on:** January 27, 2013, 11:58:44 AM »

OK, thanks.

But it's still hijacked, isn't it?

Pondus · « **Reply #3 on:** January 27, 2013, 12:29:58 PM »

Quote from: zenzor on January 27, 2013, 11:58:44 AM

OK, thanks.

But it's still hijacked, isn't it?

it does not redirect my ipad.....
do you have problems with other websites?

Asyn · « **Reply #4 on:** January 27, 2013, 12:36:26 PM »

Quote from: Pondus on January 27, 2013, 12:29:58 PM

Quote from: zenzor on January 27, 2013, 11:58:44 AM
But it's still hijacked, isn't it?
it does not redirect my ipad.....

No avast! warning and I don't get redirected either.
-> http://sitecheck.sucuri.net/results/bytes.com

zenzor · « **Reply #5 on:** January 27, 2013, 01:07:50 PM »

Well here's a screenvideo of what I get:

http://miscfiles.net/temp/0001/bytescomvir

XP SP3, IE8, AIS 6.0.1367

No problems with other websites so far.

Pondus · « **Reply #6 on:** January 27, 2013, 01:15:11 PM »

just tested on a computer with IE and opera..... no redirect

maybe you should take a malware check here....

follow the guide and attach the requested logs.....http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done a removal specialist will be notified and help you. it may take hours before he arrive so be patient

zenzor · « **Reply #7 on:** January 27, 2013, 01:17:21 PM »

Where is "here"?

Edit. Oh, sorry. for some reason part of your message was missing the first time I read it. Strange.

Pondus · « **Reply #8 on:** January 27, 2013, 01:20:56 PM »

Quote from: zenzor on January 27, 2013, 01:17:21 PM

Where is "here"?

Edit. Oh, sorry. for some reason part of your message was missing the first time I read it. Strange.

because i edit the post and added that som minutes later.

polonus · « **Reply #9 on:** January 27, 2013, 05:49:21 PM »

Could be this is a swfobject.registerObject("csSWF", "9.0.115", "expressInstall.swf"); malware with non=patched software (see code line 13)
shockwave flash malware...“Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability”
The site gives a conditional redirect to htxp://miscfiles.net/temp/0001/bytescomvir/

polonus

zenzor · « **Reply #10 on:** February 09, 2013, 05:33:13 PM »

Quote from: Pondus on January 27, 2013, 01:15:11 PM

just tested on a computer with IE and opera..... no redirect

maybe you should take a malware check here....

follow the guide and attach the requested logs.....http://forum.avast.com/index.php?topic=53253.0

Well looks like RogueKiller got rid of it. Thanks very much!

zenzor · « **Reply #11 on:** February 09, 2013, 05:34:59 PM »

Quote from: polonus on January 27, 2013, 05:49:21 PM

Could be this is a swfobject.registerObject("csSWF", "9.0.115", "expressInstall.swf"); malware with non=patched software (see code line 13)
shockwave flash malware...“Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability”
The site gives a conditional redirect to htxp://miscfiles.net/temp/0001/bytescomvir/

polonus

Not sure what you mean here - is there something wrong with the video I uploaded?

Author Topic: bytes dot com hijacked (Read 5571 times)

zenzor

bytes dot com hijacked

Pondus

Re: bytes dot com hijacked

zenzor

Re: bytes dot com hijacked

Pondus

Re: bytes dot com hijacked

Asyn

Re: bytes dot com hijacked

zenzor

Re: bytes dot com hijacked

Pondus

Re: bytes dot com hijacked

zenzor

Re: bytes dot com hijacked

Pondus

Re: bytes dot com hijacked

polonus

Re: bytes dot com hijacked

zenzor

Re: bytes dot com hijacked

zenzor

Re: bytes dot com hijacked