Freewaregenius hacked w/ trojan downloader

Discussion in 'malware problems & news' started by acr1965, Apr 22, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I just visited freewaregenius dot com and was notified by Avast that a trojan downloader was detected. Google Chrome also alerted to the trojan. I am not sure if this is a possible false positive or not but I am aware many people from here visit that site and just wanted to give a heads up. Novirusthanks.com also alerted freewaregenius as a bad IP with malicious activity as well as an iFrame, possibly hidden.
     
  2. kurdi

    kurdi Registered Member

    Joined:
    Apr 23, 2010
    Posts:
    1
    Hello,
    This is Samer from Freewaregenius.
    My site was indeed hacked into, and malicious code was inserted that generated a hidden frame.

    I noticed my ESET NOD antivirus acting up today and intercepting code on my own website. The code was censured by the attacker's own hosting before I took action. At this point the malicious code has been removed and I am taking steps to ensure that all avenues by which the attacker was able to access my site are being closed.

    That said, I am not sure exactly what to do and how to do it :doubt:

    I apologize for any inconvenience this has caused anyone.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Glad you have your site back up, I enjoy visiting it as many others do as well. Hopefully someone will add to this thread with some ideas for you to keep your site from being hacked again. The log file from Avast shows this from my visit to your site when I got the warning-
    http://(edited).in/x/?src=world&id=tool|>{gzip} [L] JS: Downloader-RW [Trj] (0)
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    Samer, first, welcome to Wilders!

    The first thing you should do is contact your ISP, tell them that your server was hacked and have them check it for viruses, especially if the server is being shared by other domains.

    Doing a WHOIS on your URL, I see that your domain name is about to expire this August. If your ISP does not take prompt action to ensure a clean server, you have time to renew your domain with another ISP and move the hosting there as well.

    For now, immediately change the passwords on both your hosting account and server logins, perhaps changing the user ID/username on the server too.

    JR
     