Vancouvererrorsonfile infection

Over the past few days we’ve cleaned 312 infected websites all with the script:

(spaces added so it doesn’t set an alarm with your anti-virus program).

As of right now the following sites don’t recognize vancouvererrorsonfile.com as being malicious:

  • Google
  • Norton
  • rfc_ignorant
  • malc0de

However, McAfee’s SiteAdvisor and hpHosts do recognize it as being malicious.

At first it appeared to be specific to one or two hosting providers. However, as the infection carried on, we found it on at least 12 different hosting providers’ networks.

Looking at the server where this site is hosted reveals other domains that have been used in various malscripts as well:

  • dottasink.net
  • nowisisdudescars.com
  • onlineisdudescars.com

and a few others.

These domains are all registered by the same person: hilarykneber@yahoo.com. This person is the contact person on whois records for 337 domains.

The name servers for vancouvererrorsonfile.com are:

  • ns1.masterhostingit.ru
  • ns2.masterhostingit.ru

Our service continues to see these infections and clean them, even though these domains are not yet registered within Google’s Safe Browsing malware list. They have been submitted.
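Since most of the blocklists above do not flag these domains yet, a site owner can check their own files for references to them. The following is an added example, not our production tooling or code from the original post: it walks a web root and reports script/iframe tags and raw strings that reference the domains named here. The function names and the list of file extensions are assumptions.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the post; it mentions "a few others" that it does not list.
BAD_DOMAINS = ("vancouvererrorsonfile.com", "dottasink.net",
               "nowisisdudescars.com", "onlineisdudescars.com")
WEB_EXTS = (".html", ".htm", ".php", ".js", ".tpl")  # assumed served file types
RAW_RE = re.compile(r"(?<![\w-])(?:%s)(?![\w-])"
                    % "|".join(map(re.escape, BAD_DOMAINS)), re.I)

def is_bad_url(url):
    """True when the URL's host is a listed domain or a subdomain of one."""
    try:
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed host such as an unbalanced "["
        return False
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

class TagScanner(HTMLParser):
    """Records <script>/<iframe> tags whose src points at a listed domain."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag in ("script", "iframe") and is_bad_url(src):
            self.hits.append((self.getpos()[0], tag, src))

def scan_text(text):
    """Tag hits plus raw domain mentions (e.g. inside script strings), by line."""
    parser = TagScanner()
    parser.feed(text)
    tag_lines = {line for line, _, _ in parser.hits}
    raw = [(n, "raw", m.group(0).lower())
           for n, line in enumerate(text.split("\n"), 1)
           if n not in tag_lines and (m := RAW_RE.search(line))]
    return sorted(parser.hits + raw)

def scan_tree(root):
    """Map each web file under root to its findings; clean files are omitted."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(WEB_EXTS)):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            if hits:
                report[path] = hits
    return report
```

Call `scan_tree()` on a local copy of the site's document root; each finding is a `(line, kind, detail)` tuple, where kind is the tag name or `raw` for a bare mention of a domain.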

If you are infected with this, you can contact me at traef@wewatchyourwebsite.com and we will clean it for you.

If you have any other information to submit, please feel free to post comments.

Thank you.

2 Responses to “Vancouvererrorsonfile infection”

  • I seem to have been infected by this. How do I protect my website from such script inserts?

    • admin:

      Some of these were the result of an “unknown” vulnerability with a few hosting providers, but many of them were from a virus on a PC that was used to FTP files to the infected website.

      What you can do is make sure you’re using an up-to-date anti-virus program. I like, and use, Avast. Then make sure it’s doing a full scan of your PC at least once a day. If not, any new virus definitions that you downloaded today won’t ever find the viruses from yesterday. Only a full system scan will take full advantage of the new definitions.

      Also, start using SFTP instead of FTP. FTP transmits all data, including username and password in plain text. This makes it easy for a virus to “sniff” the outgoing FTP traffic, see the username and password in the data transmission, steal it and use it to hack your website. SFTP encrypts the traffic so it’s much more difficult to sniff.

      Those are my recommendations.
