Author Topic: I have visited a hacked website (www.nakumattholdings.com)  (Read 4866 times)

0 Members and 1 Guest are viewing this topic.

dvdhp

  • Guest
I have visited a hacked website (www.nakumattholdings.com)
« on: September 22, 2013, 01:35:09 PM »
Hi.

Yesterday I visited www . nakumattholdings . com and instead of a normal web, only an image an the next text appeared: "Hacked by Sole Sad & invisible. Iranian Hackers Were Here" like can be viewed in this image: pic.twitter.com/0USM77h46c

My computer apparently works well, I'm doing a full system analysis with my Avast Antivirus and until the moment he hasn't detected anything, but, can I have been infected? I don`t know if they only have hacked the page or if they are also trying to hack visitors.
« Last Edit: September 22, 2013, 01:59:36 PM by dvdhp »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: I have visited a hacked website (www.nakumattholdings.com)
« Reply #1 on: September 22, 2013, 01:48:30 PM »
Please modify the link so it is not live, we don't want people being directed to infected websites thankyou.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: I have visited a hacked website (www.nakumattholdings.com)
« Reply #2 on: September 22, 2013, 02:19:59 PM »
yes seems to be hacked.... but that does not mean they placed something malicious there
to me it seems something just done for fun

Sucuri report: http://sitecheck.sucuri.net/results/www.nakumattholdings.com
Sucuri malware info:  http://labs.sucuri.net/db/malware/malware-entry-mwdefaced01

if you want a check, follow the logs guide at top in this forum section...


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: I have visited a hacked website (www.nakumattholdings.com)
« Reply #3 on: September 22, 2013, 03:36:33 PM »
This was the hack being performed (just defacement, apperently nothing infectious, but the site is hackable): [ Hacked By ALFA TEaM ]==---</title><link rel="shortcut icon" href="
htXp://sole-sad.persiangig.com/image/peace-and-love.jpg"  Iranian hackers operating from a USA IP.
Here you see what is out there: http://urlquery.net/report.php?id=5804098
http://urlquery.net/report.php?id=5430574  IDS alert for "ET CURRENT_EVENTS Executable Download named to be .com FQDN"
meaning "Fully Qualified Domain Name" -> http://doc.emergingthreats.net/bin/view/Main/2011495  (indicating trojan activity)
line 10: 10:< img src="htxp://sole-sad.persiangig.com/image/peace-and-love.jpg">  Iranian hackers
(defacement with the web page modified). Generally done for fun, political reasons and by script kiddies
This is being flagged by avast! Web Shield :  htxp://ist.net.sa/ as infected with JS:Defacement-H[Trj]

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

dvdhp

  • Guest
Re: I have visited a hacked website (www.nakumattholdings.com)
« Reply #4 on: September 22, 2013, 10:24:43 PM »
As Pondo suggested me, I read the logs guide of this section.

I utilize AdwCleaner, MalwareBytes, OTL and aswMBR.

Although I have no experience with logs, I have read them and I suppose there isn't anything weird.

Thanks everybody!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have visited a hacked website (www.nakumattholdings.com)
« Reply #5 on: September 22, 2013, 10:36:15 PM »
Looks clean ..  Any problems ?

dvdhp

  • Guest
Re: I have visited a hacked website (www.nakumattholdings.com)
« Reply #6 on: September 23, 2013, 10:47:18 AM »
No problems. My computer works well.

Thanks.