JB Hi-Fi, Overclockers websites compromised

By Ben Grubb
Nov 30, 2009 1:37 PM | 1 Comment
Tags: Overclockers | hacked | virus | malware | compromised | compromise
Users document their infections.

The websites of JB Hi-Fi, one of Australia's largest retailers, and PC hardware forum Overclockers, were compromised over the weekend.

Hundreds of users have been reporting malware infections and other issues from Friday evening, with users posting details of their experience on broadband forum Whirlpool, which ironically faced its own security breach a week earlier.

Overclockers had been hit for the second time in quick succession. The site reported a security breach just over a week ago and is currently offline due to "technical issues". Whirlpool users reported JB Hi-Fi as having a similar issue.


The Whirlpool forums are crammed with users reporting redirects, drive-by downloads and even malicious adverts that redirect victims to sites in Asia and Eastern Europe.

"It seems that some of their [JB Hi-Fi] ads have been hijacked and link to some Czech Republic websites which are registered with Norton as hosting harmful material," wrote Whirlpool user rtw.

"Just to let everyone know ... overclcockers.com.au is currently being redirected to malware site leasycrabs.cn," wrote Whirlpool user xconvergex.

Drive-by download attacks usually prey on unpatched vulnerabilities in users' browsers or operating systems. When such an attack succeeds, a victim need only visit a compromised site to be infected by malware.

JB Hi-Fi's spokesman was not available for comment today. Overclockers had not responded to a request for comment.

 
Comments: 1
Change your site FTP passwords often, folks. To clean your site, check all HTML and JS files for SCRIPT tags between the HEAD and BODY calling a foreign script you didn't put there, or appended at the bottom. And delete any PHP script in an image folder if you didn't put it there. And consider telling your FTP program not to remember site passwords, since that's probably where they were harvested from when one of your computers was infected with a trojan (run an aggressive malware scan on all your PCs and laptops, too). Hope this helps a few people, since this cleanup is quite a headache, and you don't want to get reinfected straight away.
Posted by Francis, Nov 30, 2009 2:48 PM
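The two file checks described in the comment above can be run over a local copy of a web root. The following is an added example, not part of the article or the comment. The image folder names, the allowlisted host `www.example.com` and the sample site it builds are all constructed assumptions.

```python
import os
import re
import tempfile

# Captures the src URL of a <script> tag (quoted or unquoted attribute).
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Host part of an absolute or protocol-relative URL; relative URLs do not match.
HOST = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//(?:[^/?#@]*@)?([^/?#:]+)', re.I)
PAGE_EXT = {".html", ".htm", ".js", ".php"}
PHP_EXT = {".php", ".phtml", ".php5"}
IMAGE_DIRS = {"images", "image", "img"}  # assumed folder names

def foreign_scripts(text, allowed_hosts):
    """Return script src URLs whose host is not in allowed_hosts (lowercase)."""
    found = ((u, HOST.match(u)) for u in SCRIPT_SRC.findall(text))
    return [u for u, m in found if m and m.group(1).lower() not in allowed_hosts]

def scan(webroot, allowed_hosts):
    """Walk webroot and return sorted (relative_path, reason) findings."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for folder, _dirs, files in os.walk(webroot):
        parts = {p.lower() for p in os.path.relpath(folder, webroot).split(os.sep)}
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), webroot)
            ext = os.path.splitext(name)[1].lower()
            if ext in PHP_EXT and parts & IMAGE_DIRS:
                findings.append((rel, "PHP file in image folder"))
            if ext in PAGE_EXT:
                with open(os.path.join(webroot, rel), encoding="utf-8", errors="replace") as fh:
                    for url in foreign_scripts(fh.read(), allowed):
                        findings.append((rel, "foreign script: " + url))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample site: clean page, injected page, planted PHP."""
    os.makedirs(os.path.join(root, "images"))
    files = {
        "index.html": '<head><script src="/js/site.js"></script></head><body>ok</body>',
        "about.html": '<body>hi</body>\n<script src="http://injected.example/x.js"></script>',
        os.path.join("images", "thumb.php"): "<?php /* constructed */ ?>",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(*scan(root, {"www.example.com"}), sep="\n")
```

This only flags plain `<script src=...>` tags with an absolute or protocol-relative URL; injected code that is inline or obfuscated needs a comparison against a known-good copy of the site.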