1 reply to this topic

[Freebird]

I recieved two mail post reply notifications from another site that I frequent. Both mails contained links to compromised sites. The first site 'b0x.com' tried to install an .XPI file, I did not go to the other one. I notified the forum host about the problem and this is what he wrote back regarding the sites below:

QUOTE
"Found some 40+ messages on three Forums posted yesterday and early today. Nasty, but clever low-level hacker. Multiple IP addresses, email addresses, screennames, and domain names (dictionary-derived). For your use, here are the domain names he/she used, with various subdomains:

b0x.com
freewebpage.org
250free.com
topcities.com
fateback.com
h12.ru
narod.ru

I've removed all the messages (which were replies) and, reluctantly, the messages they referred to. Removed the latter because hackers often program future attacks as automated replies to the same set of original posts."
END QUOTE

I don't use a Hosts file, so I don't know if these sites are or are not included in peoples most recent Hosts file.

If this is old news, please disregard this post.

[VashonDude]

None of them are in the latest version of MVPS Hosts. When I looked in IE-Spyad, I got the following (IE-Spyad entry on right side of arrow):

topcities.com -> topcities.com\betsonline

narod.ru -> narod.ru\karleyt

-- LB