Hosting Sites –what are they hosting exactly?
Posted by Hannah Rosenbaum on June 8, 2007 03:55 PM
Our automated crawlers detect thousands of exploits every day. Recently, we have detected a spike in the number of exploits spreading across certain hosting sites. The worst offender seems to be proboards.com, an Internet forum provider, which hosts over two million online forums. We have also seen spikes in active exploits on hosting sites like neosite.ro.
The examples above may be indicative of a trend of hosters being targeted for attack. That, in turn, is affecting hundreds or even thousands of their sub-domains. In the wake of this threat, hosting providers need to be more vigilant, so that they’re not putting their users at undue risk the way that ProBoards seems to be doing.
On proboards.com, we have detected hundreds of unique exploits, and we estimate thousands of sub-domains may actually be affected. When we visited one of the hacked ProBoards sub-domains we were redirected to advancedhunt.com, which hijacked our browser to display deceptive warnings of spyware infestation followed by a stealth installation of the rogue anti-spyware program PestTrap.
We are contacting the providers and will keep you posted. In the meantime, users should be very cautious of any sub-domains on these sites.
We will soon be marking these sites red until the providers clean up their acts. The irony is that many providers have recently proclaimed increased concern about anti-malware. We wish they would direct some of that concern to themselves and spend some time to clean up their own sites.
Comments
This web-site looks like a big scam. The web-site asks for bank routing information to deposit a check. Please be aware of this site. Giving bank informaion will put your personal infor at risk.
Posted by: tracycnn | June 17, 2007 10:18 PM
Hi
Thanks for the good Information.But there are lots of sites in the web which tend to advertise or send virus to you system.
I have a issue whenver I login to Internet and Logout,A file named DelUS.exe is saved in the C Drive.I even checked without going to any websites,and Just conecting to internet.
Im using a DialUp Connection.
Do u have any Idea about it.
Posted by: Karthick | July 7, 2007 09:11 PM
I have been actively monitoring spyware/malware behaviour on a purpose built stand-alone computer running windows xp home with SP2.
After intentionally getting infected by hundreds of malicious threats, I noticed the behaviour was showing a definate trend establishing.
There appears to be a mini war raging and is not an easy one to monitor or overcome. In fact it is not only malicious but finitely distructive too.
Many users have reported to have suffered a complete instability in their operating systems after using spyware removal utilities like Adaware and SpyBot S&D.
Although I have thoroughly tested both these products for some years now, I find that my test-rig also suffers the same instabilities after removing some common browser infected threats.
The war that takes place on a user's system is one of little regard for the damage left in it's wake as it ploughs through a computer disrupting and disabling other spyware/malware software that may exist already.
The futility of most firewalls becomes apparent when spyware still manages to break through the supposed safety net that is reportedly protecting your valuable data and browser privacy.
Affecting businesses a recent survey worryingly revealed that well over 30 per cent of a 1000 organisations questioned didn't recognise that their business information is either sensitive or critical and, therefore, a business asset.
Of those organisations that have critical or sensitive information, more than 43 per cent have suffered an "extremely serious" or "very serious" breach, and a further 20 per cent had suffered a "moderately serious" breach in the last two years.
The main cause of the breaches was found to be the result of operator or user error, with 40 per cent of companies acknowledging that information security cannot simply be solved by technology. And nearly three quarters of organisations that suffered a "serious" breach had no contingency plan in place to deal with it.
But the DTI also found that over half of the organisations that have suffered a breach which they consider to be their "most serious" do not believe there is anything they could have done to prevent it, even though the companies involved indicated that the cost of a single breach was in excess of £100,000.
The DTI said the problem is that only one in seven organisations has a formal security policy in place. "The presence of a formal policy is one of the most important issues in reporting and resolving security breaches," said the report.
However, there is still insufficient awareness and understanding of what can be done to combat the more significant risks, particularly those posed by human actions.
Posted by: CTEK-Solutions | August 16, 2007 06:57 PM
Hi- I'm being plagued at the moment with two anti-virus ‘viruses’. One is ‘Spy-shredder’ and the other is ‘UltimateDefender’. They are very aggressive and persistent, popping up every few seconds in their attempt to bully me into buying their products ~ they have interrupted this short message no less than eight times all ready! Can anyone tell me how I can clean them off my system please, they’re driving me insane!
Posted by: Col-Ash | August 16, 2007 08:22 PM
That's horrible. Once you get in the server. All the sites hosted on that server get infected.
Great job you are doing, by contacting hosting service providers. I am also trying to write some tips and instructions on how to prevent yourself from getting attacked.
Posted by: webgk.com | August 24, 2007 05:55 PM
What we really need is a program that will eradicate the actual virus or spyware from our systems. It is not good enough just to find out you have one. Any suggestions?
Posted by: sincerely | October 2, 2007 12:23 PM
I havnt had any trouble with proboards.com, Ive been a member there for 7 years now, and I still havnt gotten any viruses, and I keep up to date on my protection. Oh and Yesterday I found a virus on my computer, (not from proboards) it said, Vundo and it says it came from Mcafee, And we dont use Mcafee cuz they suck, I use Nortan from AT&T, and it works wanders, I found about 30 of them, in my register Keys, and IE7 (Internet Explorer 7). Oh and you cant prevent your self from being hacked, unless you dont have the internet. Thats the only way. People use codes,C++, java, and other stuff to hack protected sites, and Servers. This is a good example>>> http://www.markyctrigger.com/forum/index.php
They tell and teach how to hack, and I already turned them in, and the forum provider said that they dont care.
Darkmage.
Proboards User For Life!!!
Posted by: Darkmage | October 11, 2007 03:42 PM
I would like to point out that none of those sub-domains were hacked.
1. They are spam accounts which Proboards is trying to illiminate. Any decent server administrator would know the pains of spammers
2. If PB were hacked, then why would someone waste their time modifying forums? Do you know the difference between exploits and hacking? You show little in-between knowledge
3. The server administrator of Proboards has given word that none of the so-called exploits were actually in Proboards
4. Why not just blacklist the bad sites that you are getting redirected to from Proboards and then give notice to Proboards about the spam forums that were registered?
5. You realize you have to download something to get the malware? You can't blame your own stupidity on Proboards especially when you weren't even on one of their hosted sites when you got the malware. That's like downloading a file from Limewire and getting a virus and saying it's all Limewire's fault
6. I'm too tired to continue because your argument is invalid on too many points to list
Posted by: Mentor | October 11, 2007 08:26 PM
I keep getting a virus message that Trojan.Win32.obfuscated.gx has infected my system - any ideas how to get rid of it?
Posted by: CAM | December 16, 2007 09:22 AM