Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: justa-hairyape

Very interesting. So given the nature of the malware at Orly’s site, would it have been possible to have gotten infected just by viewing the page in my browser? Or would it have required doing something more, like opening a link or downloading an image from there or something?


40 posted on 08/09/2009 6:11:06 PM PDT by Yardstick


To: Yardstick
Don't know about this particular case and my computer egghead days were during the 90's. But let me explain the type of attack that just occurred on my Slovakian-hosted application. I believe it was attacked because it was hosted on an East European country's server (they had the best price and service 5 years ago). This attack can shut down any web site that a hacker can get into with the only option being a complete re-setup of the site on another server. Here it goes.

Hackers get into your web site. Happens fairly easily with the software we have out there now. They typically install malicious links to spyware sites. Now if they can get code installed on the server, typically by uploading a file that gets executed through a security hole, they can actually put fake bank login screen files on your site. Then your users get those files on their computers if they go to your site with some weak anti-spyware and weak firewalls. Now you have malicious bank fraud files on the user computers.

It ended up on my computer and they had a fake bofa login screen when I was doing my online banking. I know it came from my hosted server because I found the code and have saved it to a CD. They even had a directory called bofa on my hosted server. Now get this, I could not delete the files even though it was my site. Permission denied. Had to have the server admin guy use probably root privileges and delete the malicious software.

I know the software could steal your bank login info because it stole mine and they tried to post a ~$2,000 check to my bofa account. That account has not had a check posted in 3 years. I don't even have any physical checks. It was my paypal bank account where paypal dollars were swapped into US dollars. So I told the bank immediately it was fraud and they put a hold on it. The hackers did not get any money and although the bofa internet fraud people were busy and never called me back, the fraud check posting eventually disappeared.

I think that made the hackers mad. So they returned to my hosted site two weeks later, and even though all passwords were changed and all hacked files removed, we got an attack in the middle of the day. Again they uploaded the bofa files. This time however I suspect that they anonymously informed bofa, or bofa was watching the site. Because bofa fired off an email right away to the hosting service. Basically said their trademark has been violated and fraud had occurred and the hosting server had 24 hours to shut the site down and replace it with a link to a web page that basically said anyone who had accessed the site could have been screwed. Now my hosting service did not link to that page and just shut down the site. Got an error when you accessed it.

Now all this occurred over about a 3 to 4 hour period. The site was gone before I even had another chance to clean it up. So knowing that, you have to be very careful when using your computer to access online financial accounts. Perhaps an IT expert can see if that possibly could have happened with your particular situation.

44 posted on 08/09/2009 6:57:49 PM PDT by justa-hairyape

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson