Thursday, November 29, 2007

Under attack

I've had to take my own website,, down. It had become infected with a nasty little piece of javascript that hooked up to a Russian site, Don't worry, this blog's hosted by google! Do a search on and it looks like it's being run by the Russian Business Network as a means of infecting pc's to recruit them for its network of zombies, poised to deluge others the world over with spam, or to be used in co-ordinated DDOS attacks. You can find out more about this nefarious criminal organisation here and at CastleCops

At first I thought I'd been sloppy in my coding and security, but I couldn't find where they'd got in. After some digging, it seems there are loads of other sites hosted on the same server who are all infected. I found who they were by means of my IP neighbors. Don't look at any of those other sites unless you have a good, up-to-date antivirus and preferably a firewall (use it to exclude addresses and This could well mean the server is infected by a rootkit.

I e-mailed the hosting company, 3ix's support people whose response was that I was at fault. Dig around enough and you can see people have been complaining to 3ix about this for at least the last 2 weeks.

It's bad enough having RBN around, far worse when people in the business make their life so easy.


At 2/7/08 01:54, Anonymous Anonymous said...

there are many instances of this site ( and others) which hosts malware the sites are targeted by automated software ( called mpack) which searches for websites vunrable to remote ssl injection when it finds a website it injects an iframe ( or redirect) into the webpage which is hidden ( you can only tell by looking at the status bar) when the site is loaded it attempts to dowload and run eather a malware varient or trojan (storm worm usually) the site is acociated with the new meda malware gang also the websites hosted by the rbn may show a site suspended message THIS IS FAKE and you will still be infected.


Post a Comment

<< Home