Author Topic: Defaced 9 days ago and also with spam! (Browser Injection)  (Read 3326 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Defaced 9 days ago and also with spam! (Browser Injection)
« on: November 26, 2014, 12:22:07 AM »
See: http://killmalware.com/jackdutch.com/#
Defacement signatures
jackdutch dot com is defaced! See more details below.
The following signature was found:
Hacked by TeaM System Dz
This signature was found in 127 websites.
Defacement given in Spam Check: Suspicion of Spam
meta name="keywords" content="hacked by team system dz"> <meta name="description" content="hacked by team system dz"> ...
Site Wide Check: Suspicious
hhucn3yz3iaqrebqflpwpogxonbg">hacked by team system dz</a></h3><div class="s"><div class="kv" style="margin-bottom:2px">
Detection missed: http://quttera.com/detailed_report/jackdutch.com
Detected: http://sitecheck.sucuri.net/results/jackdutch.com#sitecheck-details
beacon tracking: http://cookiepedia.co.uk/host/beacon-4.newrelic.com
-> http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fbeacon-4.newrelic.com%2F1%2F41b3fabaf8%3Fa%3D10889896%26pl%3D1413645154014%26v%3D460.9fd672a%26to%3DMwYBZxFVDxdRV0VQXwpMNkEKG09OQFxB%26be%3D380%26fe%3D12581%26dc%3D2031%26f%3D%255B%255D%26perf%3D%257B%2522timing%2522%3A%257B%2522of%2522%3A1413645154014%2C%2522n%2522%3A0%2C%2522u%2522%3A27%2C%2522ue%2522%3A38%2C%2522dl%2522%3A26%2C%2522di%2522%3A2205%2C%2522ds%2522%3A2341%2C%2522de%2522%3A2417%2C%2522dc%2522%3A12947%2C%2522l%2522%3A12957%2C%2522le%2522%3A12999%2C%2522r%2522%3A5%2C%2522re%2522%3A5%2C%2522f%2522%3A5%2C%2522dn%2522%3A5%2C%2522dne%2522%3A5%2C%2522c%2522%3A5%2C%2522ce+%3Cspan%3E...111+symbols+skipped%3C%2Fspan%3E&useragentheader=&acceptheader=
Decoded String: beacon-4.newrelic.com","licenseKey":"41b3fabaf8","applicationID":"10889896","transactionName":"MwYBZxFVDxdRV0VQXwpMNkEKG09OQFxB","queueTime":0,"applicationTime":0,"ttGuid":"","agentToken":"","atts":"H0ECEVlPHBk=","errorBeacon":"bam.nr-data.net","agent":"js-agent.newrelic.com\/nr-460.min.js
For: bam.nr-data.net Read: https://discuss.newrelic.com/t/content-security-policy-and-browser-injection/2629
IP badness: https://www.virustotal.com/nl/ip-address/108.59.4.67/information/ (check external request pattern->  http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://jackdutch.com&MODIFIED=0

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Defaced 9 days ago and also with spam! (Browser Injection)
« Reply #1 on: November 26, 2014, 01:26:29 AM »
That name was oddly famaliar.

They are the same d!ckheads who hacked one of out local Universities.

http://www.cbc.ca/news/canada/new-brunswick/isis-supporters-hack-unb-student-union-s-website-1.2797758
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.