Home  »  hacking   »   Caution: Malware spreading site identified!
14 Jun 2010

Caution: Malware spreading site identified!

Posted in hacking By Rohit Sane

You may have read my last post which explains how my FTP account was Hacked and 3 of my Domains were being compromised and corrupts scripts were inserted into its source code for spreading malware and for Black Hat purpose. This is among the worse attack and many of the FTP users are being affected because of this. It is suggested that you use SFTP for security purposes!

I also suggest you to scan all your domains using Unmask Parasites and if you find these links then delete them as soon as possible and shift to SFTP. Stop using FTP! Also check your Client PC for any Virus and Malware issues.

http://kollinsoy.skyefenton.com was the site which is spreading malware to all the users and people who don’t use any antivirus protection of any old browsers are falling prey to it. Some of its variants are:

  1. kollinsoy.skyefenton.com:8080/Hardware.js
  2. kollinsoy.skyefenton.com/index.php
  3. http://kollinsoy.skyefenton.com:8080/Telnet.js
  4. http://kollinsoy.skyefenton.com:8080/Kibibyte.js
  5. kollinsoy.skyefenton.com:8080/Parallel_Port.js
  6. http://kollinsoy.skyefenton.com:8080/HDMI.js
  7. http://kollinsoy.skyefenton.com:8080/welcome.php

Even wordpress blogs as well as static websites were being compromised because of these malware.

This malware is said to store and transmit all your passwords to Russian and Chinese Hackers and they may use your domains for BlackHat SEO purpose or for further spread of this malware.

It is suggested that you stay away from these sites even though secure web-browsers are blocking it because of malware content.

Related posts:

About Author

Rohit Sane

  • http://agentdeepak.com/ Agent Deepak | Blogging, Marketing & Success

    Thanks for the head on info. I am going to scan my blog now.

  • http://techtrickz.com JK@techtrickz.com

    Hello, Thanks for this great and helpful info. Unmask Parasites is new to me and I checked my and my friends sites with this.

    Unfortunately, one my friends site have 2 suspicious domains. One is sfofotky.iexam.info and other is his domain itself.
    I hope he can solve the issue quickly.

  • http://www.thurstytoad.com Steve

    I just tried Unmask Parasites and it looks like it only checks the page you enter and not the entire site?
    Also, I use malwarebytes to scan my computer… if it gives me clean bill of health, am I really safe? I’ve got antivirus running also, but I’m a big fan of malwarebytes.
    Thanks for this follow up post. :) Steve

  • http://www.buypregabalinonline.com buy lyrica

    Three of my websites have been attacked by the hackers. We also use FTP to upload and download the files of the website. The problem was found out as password being saved on the FTP and the hackers have hacked passwords of those FTP. There was warning displayed on the website that opening this page might harm your computer.