Posted on 7 December 2008 at 23:44 UTC, filed under Hack, 47 comments.

The last time I wrote about a hacked site, it was using a redirect that sent some users to a different site. This kind of hack is pretty common (even though it’s usually not as complex as mentioned in that post); it leverages the sad fact that users are often easy to trick and not browsing with protection (or a current browser).

A different angle of attack is to redirect only search engine crawlers to a different site. By doing this, they can make it look like the pages of a website moved to a new domain name. In general, when search engines find redirects like that, they will more or less pass the “value” that a page had on to the new URL — that generally also applies to PageRank. So in a sense, they are trying to steal the value that a webmaster has built up over time.
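A check for this kind of conditional redirect, as an added example that is not code from the original post: it compares the responses one URL gives to different visitor profiles and flags any profile that is sent to a foreign host the plain browser visit never sees. It goes beyond the crawler case by also covering visitors who arrive from a search results page; the profile names, hosts and captured responses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Replay the same URL with each header set and record (status, headers).
# All values are constructed for this example.
PROFILES = {
    "direct_browser": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"},
    "search_referrer": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0",
                        "Referer": "https://www.google.com/search?q=example"},
    "crawler": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                              "+http://www.google.com/bot.html)"},
}

def _site(url):
    """Host name without a leading 'www.', or None for relative URLs."""
    host = urlsplit(url).hostname
    return host[4:] if host and host.startswith("www.") else host

def offsite_target(page_url, status, headers):
    """Return the foreign host a response redirects to, else None."""
    if status not in (301, 302, 303, 307, 308):
        return None
    location = next((v for k, v in headers.items() if k.lower() == "location"), "")
    target = _site(location)
    return target if target and target != _site(page_url) else None

def find_cloaked_redirects(page_url, responses, baseline="direct_browser"):
    """Flag profiles that are sent off-site to a host the baseline visitor never sees."""
    base = offsite_target(page_url, *responses[baseline])
    findings = {}
    for profile, (status, headers) in responses.items():
        target = offsite_target(page_url, status, headers)
        if profile != baseline and target and target != base:
            findings[profile] = target
    return findings

# Constructed capture of a compromised page: only some visitors are redirected.
PAGE = "http://www.example.org/artists.html"
HACKED = {
    "direct_browser": (200, {"Content-Type": "text/html"}),
    "search_referrer": (302, {"Location": "http://downloads.example.net/setup.exe"}),
    "crawler": (301, {"location": "http://spam.example.com/"}),
}
# Constructed capture of a legitimate site move: everyone gets the same redirect.
MOVED = {name: (301, {"Location": "http://example.com/"}) for name in PROFILES}

if __name__ == "__main__":
    print(find_cloaked_redirects(PAGE, HACKED))
    print(find_cloaked_redirects(PAGE, MOVED))
```

A site that redirects every profile to the same new host, as in a real domain move, produces no findings; only responses that differ by user agent or referrer are reported.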

In this particular case, a “massive amount” of sites were hacked and likely redirected through
Posted on 23 August 2007 at 22:03 UTC, filed under Hack, 18 comments.

Warning: do not try the URLs here unless your system is locked down properly. I suggest using a “virtual machine” (I use VMware) to test things like this. The hack itself is complicated, the system is simple – skip the complicated part if you’re in a hurry.

It all started with a posting like this:

When I do a google search for [Jonathan Wentworth Associates] the first result is:

Jonathan Wentworth Associates, LTD
Welcome to Jonathan Wentworth Associates, a respected resource for world-class orchestral soloists,
conductors, opera, chamber music, chamber orchestras, … – 19k – Cached – Similar pages – Note this

The: “Jonathan Wentworth Associates, LTD” is highlighted and is a link to the web site. If you place the mouse over the link, it shows However, if you click the link it immediately attempts to download the trojan. My McAfee immediately blocked it.

Looking at the page in question, it doesn’t appear to be hacked, it doesn’t appear to have any kind of scripts injected, etc. However, using LiveHTTPHeaders with Firefox, while doing the same steps (search, click on the top result) you see the following:
