Author Topic: Is this site hacked?  (Read 5197 times)

0 Members and 1 Guest are viewing this topic.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Is this site hacked?
« on: March 30, 2011, 09:09:25 PM »
I read manga, but this is a spoiler site where i find spoilers....I guess it was a good site, but when i checked today, i think it is hacked.

hxxp://www.mangaspoiler.com/

Avast didn't stop it but thanks to NoScript

Edit : Sorry, I cleared my Firefox cache, and the redirection thing is gone.

I was redirected to some fake AV page

« Last Edit: March 30, 2011, 11:39:15 PM by Chris Thomas »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46286
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Is this site hacked?
« Reply #1 on: March 30, 2011, 09:20:57 PM »
If you suspect an infection, please don't post a live link.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37129
Re: Is this site hacked?
« Reply #3 on: March 30, 2011, 09:33:22 PM »
This should have been posted in the Virus and Worms section


Infected with Malware entry: MW:HTA:7
http://sucuri.net/malware/malware-entry-mwhta7

see screen shot
« Last Edit: March 30, 2011, 09:36:00 PM by Pondus »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46286
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Is this site hacked?
« Reply #4 on: March 30, 2011, 09:34:06 PM »
Danny,
I've also checked the site but it is still safest if you aren't sure about a site
to not post the live link.
That way, if it turns out to be infected, you didn't put any one else in danger if they
accidentally clicked on the live link.
Code: [Select]
http://www.mangaspoiler.com/
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33370
  • malware fighter
Re: Is this site hacked?
« Reply #5 on: March 30, 2011, 09:55:13 PM »
Fully agree with bob3160 here, munge that address so the unaware cannot click into malware, either by putting hxtp or wxw
or an extra space between http:// and www to break the live link.
Site has malware:
Sucuri free scan says:
web site:    
htxp://www.mangaspoiler.com/
status:
Site infected with malware. Suspicious conditional redirect, for details see: http://sucuri.net/malware/entry/MW:HTA:7
Quote
This attack uses the .htaccess file to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.
(source; sucuri)

Title:   
403 Forbidden
URL:   htxp://www.mangaspoiler.com
Redirects:    302 -> htxp://lessthenaseconddeal.com/in.php?n=6
Google:   Status Code:   403. Forbidden.
Redirects users to: htxp://lessthenaseconddeal.com/in.php?n=6
web trust: well see: http://www.mywot.com/en/scorecard/lessthenaseconddeal.com
and see: http://www.google.ru/support/forum/p/Web+Search/thread?tid=3f9126cf20326fe8&hl=en
Site not blacklisted,

That's all, folks,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4124
  • There is no magic, only lost physics
    • spg SCOTT
Re: Is this site hacked?
« Reply #6 on: March 30, 2011, 10:31:23 PM »
The less than a second deal page is one of the ones that does a fake scan...

It redirects to a .co.cc site, which then downloads a file called pcupdate107_2129.exe which avast doesn't detect.
http://www.virustotal.com/file-scan/report.html?id=482f36205c597255209a94a8790fe6a6308da0dd1464b2f94f219378bc5ba636-1301516385
Currently in the virus chest will send in a minute.

Not sure about the original site. didn't get redirected when viewing on ubuntu
« Last Edit: March 30, 2011, 10:36:13 PM by spg SCOTT »
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33370
  • malware fighter
Re: Is this site hacked?
« Reply #7 on: March 30, 2011, 10:47:59 PM »
Nice find, spg SCOTT, but there is also a link there to: htxp://defender-kzwu.co.cc/scan1/188

URL analysis tool   Result
Firefox            Malware site
G-Data                   Malware site
Google Safebrowsing   Malware site  
hxtp://defender-kzwu.co.cc/scan1/188%20malware

which domain does not exist or is unaccesible :( says Netirk,),

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37129
Re: Is this site hacked?
« Reply #8 on: March 30, 2011, 10:50:44 PM »
Quote
The less than a second deal page is one of the ones that does a fake scan...
But the downloaded Rogue is already detected by Malwarebytes - Trojan.FakeAlert
« Last Edit: March 30, 2011, 10:55:45 PM by Pondus »

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Is this site hacked?
« Reply #9 on: March 30, 2011, 11:37:07 PM »
I though there was no malware. It is like, after i cleared the cache, i am not seeing the redirection. This has made me crazy.I though my system was messed up instead, so i didn't think about changing http to hxxp.

I am now scanning with Malwarebytes and SuperAntiSpyware just to be on the safe side.

Thanks mod for doing it  ;)

Thanks guys for verifying........

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33370
  • malware fighter
Re: Is this site hacked?
« Reply #10 on: March 30, 2011, 11:45:01 PM »
Hi Chris Thomas,

And you thanks for reporting, thanks to you reporting others are safe.
Stay safe and secure online is the wish of,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Is this site hacked?
« Reply #11 on: March 30, 2011, 11:58:56 PM »
Hi Chris Thomas,

And you thanks for reporting, thanks to you reporting others are safe.
Stay safe and secure online is the wish of,

polonus

 :)