Cormac Moylan

Hi, my name is Cormac and this is my blog. On the web circa July 2006.

Irish Website in Virus Hosting Shocker!

November 4th, 2006 by Cormac Moylan · 5 Comments

A well-known regional and extremely popular website I regularly visit seems to be in a spot of bother this morning. There is quite a bit of evidence to indicate that they are hosting a virus on their server. A thread in the computers section of their forum provides some detail on the background of this discovery:

“Last month I received spam pretending to be from Submarino (a Brazilian site similar to Amazon) with suspicious links to a jpg and php file hosted in the directory http://un-named-irish-website.com/newsletter/.htacess/ The php file redirected to an .exe in the same directory.

I let the editor know directly they were likely hosting a virus installer and a report was also sent to Hostrocket via SpamCop. I checked again several weeks later but the files were STILL accessible - seems nobody did a thing about it.

It just happened again. This time the spammer is slightly more devious and put his php redirector on another site but again it points to an exe on un-named-irish-website.com. AVG identifies http://un-named-irish-website.com/new…atorio6256.exe as the virus PSW.Banker2.TSI

To whoever runs un-named-irish-website.com: Why the fuck are you hosting viruses for Brazilian thieves and why do you do NOTHING to secure your server when informed about it?”

I checked out the links provided in the post and there is a lot of truth so far about the issue raised. When I click on the first link the Netcraft toolbar alerts me of a possible Phishing attack.

Then almost instantly my antivirus, NOD32, alerts me of a possible Trojan download in progress. The Trojan name is banload.BDJ. The majority of information on this Trojan is available in Portuguese. Unfortunately I can’t figure out what exactly the Trojan does.

This is a serious problem for this website that will need to be answered, and of course the procrastination of their host, Host Rocket, seems a bit dodgy also. There is the possibility that the website’s server has been hacked, which is why I have not named them, but if they were alerted about this serious issue then they should have taken action to resolve it.

Tags: Software · Websites

5 responses so far ↓

  • kick.ie // Nov 4, 2006 at 5:34 pm // 1

    Irish Website in Virus Hosting?…

    You’ve been kicked (a good thing) - Trackback from kick.ie…

  • Andy Curtis // Nov 4, 2006 at 10:53 pm // 2

    Good post. Just one quick question. What exactly is NOD33?

  • cormacmoylan // Nov 5, 2006 at 2:26 am // 3

    It’s my own version of NOD32? ;)

  • Cormac // Nov 8, 2006 at 4:53 pm // 4

    The virus has since been removed from the server but I never received an email back from the website or their webhost about the matter after I informed them of the issue.

    Bad form, especially from the webhost.

  • christina // Feb 14, 2007 at 6:13 am // 5

