
Buy Windows 7 – state of the index

If there is one post that you shouldn’t skim, it’s this one. Last year I declared this would be the year we saw an increase in hacks and XSS, and in the last few days I have had a “What the hell just happened!” moment.

It started with Chris Pirillo’s website, which IMO has been hacked. (Chris, if you see this, I did try to get hold of you.)

which then redirected me to :

then I found more :


In fact, I found so many I started to get worried. I rang a few of the UK sites, explained who I was and asked for some server details, but again I couldn’t get any correlation between the OS or software on the servers.

Exploited on IIS:

Host: www.siia.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6
Referer: http://www.google.com/search?hl=en&safe=off&q=buy+windows+7&start=10&sa=N
HTTP/1.1 301 Moved Permanently
Date: Fri, 05 Feb 2010 14:58:40 GMT
Server: Microsoft-IIS/6.0
Location: http://software-shopping.net/shop/item/325/?cpn=siia_soft

Exploited on Apache/2.2.3 (CentOS):

GET /development/ePortfolio/CDSM/?id=5089=Microsoft-Windows-7-Ultimate-(64-Bit).html HTTP/1.1
Host: www.techdis.ac.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6
Referer: http://www.bing.com/search?q=buy+windows+7&go=&form=QBRE&filt=all&qs=n

HTTP/1.1 301 Moved Permanently
Date: Fri, 05 Feb 2010 15:09:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-control: no-cache, must-revalidate
Pragma: no-cache
X-ENGINE: rx-engine
Location: http://software-shopping.net/shop/item/325/?cpn=www_techdis_ac_oem
Content-Length: 0
Connection: close
Content-Type: text/html

The only footprint is the end site. At the moment I’m waiting for the code to be sent to me from one of the exploited servers. It looks to work on the search referrer: we had to fake it to wget the pages, and if you hit the referrer too hard you will trigger a 404 page.
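A defender-side check for the behaviour described above, as an added example that is not from the original post: it parses header captures like the ones shown and flags a site that answers a search-referred request with a 3xx to another host while a control request without a Referer is not sent there. The function names, the `DIRECT` control capture and its 200 reply are constructed assumptions.

```python
from urllib.parse import urlsplit

SEARCH_LABELS = {"google", "bing", "yahoo"}  # the engines named in the post

# Headers trimmed from the techdis.ac.uk capture shown in the post.
SEARCH = """GET /development/ePortfolio/CDSM/?id=5089=Microsoft-Windows-7-Ultimate-(64-Bit).html HTTP/1.1
Host: www.techdis.ac.uk
Referer: http://www.bing.com/search?q=buy+windows+7&go=&form=QBRE&filt=all&qs=n
HTTP/1.1 301 Moved Permanently
Location: http://software-shopping.net/shop/item/325/?cpn=www_techdis_ac_oem"""

# Constructed control: the same request with no Referer; the 200 reply is assumed.
DIRECT = """GET /development/ePortfolio/CDSM/?id=5089=Microsoft-Windows-7-Ultimate-(64-Bit).html HTTP/1.1
Host: www.techdis.ac.uk
HTTP/1.1 200 OK"""

def parse_capture(text):
    """Parse a header capture into (request headers, status, response headers)."""
    req, resp = {}, {}
    current, status = req, None
    for line in map(str.strip, text.strip().splitlines()):
        if line.startswith("HTTP/"):           # status line: response headers follow
            status, current = int(line.split()[1]), resp
        name, sep, value = line.partition(":")
        if sep and " " not in name:            # skips request and status lines
            current[name.lower()] = value.strip()
    return req, status, resp

def from_search(referer):
    host = urlsplit(referer or "").hostname or ""
    return bool(SEARCH_LABELS & set(host.split(".")))

def same_site(a, b):
    # Approximation: equal hosts, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def offsite_redirect(capture):
    """Location host if a search-referred request was 3xx-redirected off-site."""
    req, status, resp = parse_capture(capture)
    target = urlsplit(resp.get("location", "")).hostname
    if (from_search(req.get("referer")) and status in (301, 302, 303, 307, 308)
            and target and not same_site(req.get("host", ""), target)):
        return target
    return None

def referrer_cloaked(search_capture, direct_capture):
    """True when only the search-referred request is redirected off-site."""
    hit = offsite_redirect(search_capture)
    direct_location = parse_capture(direct_capture)[2].get("location", "")
    return hit is not None and hit not in direct_location
```

Run against your own site's captures, a `True` result means visitors arriving from search results are being sent somewhere that direct visitors are not.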

Anyway, check out:

http://www.bing.com/search?q=buy+windows+7

Several hacked sites on the first page, and the #1 site is hacked.

http://uk.search.yahoo.com/search?p=buy+windows+7

Several hacked sites on the first page, and Yahoo does warn you when you click.

http://www.google.co.uk/search?hl=en&safe=off&q=buy+windows+7&start=10&sa=N

You have to go to the second page, but they are all there.

Dave

1 Lonely Comment

  • [...] spamming and hacking sites to make them rank are still an unfortunate reality. These sites didn’t have integrated social media campaigns. They get links, filthy ones – but [...]
