Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 3 September 2009

spywaresignatures.com offline

I was alerted by Sparsha earlier this week that spywaresignatures.com had gotten itself compromised and was spewing exploits. After a little runaround with the hosting company, I received a response from them that they would be suspending the VPS associated with it if no response from the customer was received.

Checking earlier today showed the original infection had been cleaned up. However, either the site had been re-hacked, or the cleanup simply wasn't done properly, as the site was still spewing malware via an iframe to:

ohrhrhrhereo.cn/in.cgi?2

IP: 219.152.120.118
IP PTR: 118.120.152.219.broad.cq.cq.dynamic.163data.com.cn
Netname: CHINANET-CQ

There are over 100 other malicious sites in the hpHosts database that are on this IP/range, a list of which can be found here.

After informing the hosting company of this, they have suspended the VPS and will be updating me once they hear from their customer. As soon as I hear more from them, I'll let you all know.

Until this matter is resolved, spywaresignatures.com will be offline.

References:
http://www.google.com/safebrowsing/diagnostic?site=http://www.spywaresignatures.com/&hl=en
