Buy Windows 7 – state of the index

by David Naylor
See Dave Speak SMX London

If there is one post that you shouldn’t skim it’s this one. Last year I declared this would be the year we saw an increase in Hack’s and XSS, and in the last few days I have had a “What the hell just happened!” moment..

It started with Chris Pirillo’s website which IMO has been hacked. (Chris if you see this I did try to get hold of you)

which then redirected me to :

then I found more :


In fact I found so many I started to get worried. I rang a few of the UK sites, explained who I was and asked for some server details, but again I couldn’t get any collation between OS or software on the servers.

Exploited on IIS :

Host: www.siia.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6
Referer: http://www.google.com/search?hl=en&safe=off&q=buy+windows+7&start=10&sa=N
HTTP/1.1 301 Moved Permanently
Date: Fri, 05 Feb 2010 14:58:40 GMT
Server: Microsoft-IIS/6.0
Location: http://software-shopping.net/shop/item/325/?cpn=siia_soft

GET /development/ePortfolio/CDSM/?id=5089=Microsoft-Windows-7-Ultimate-(64-Bit).html HTTP/1.1
Host: www.techdis.ac.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6
Referer: http://www.bing.com/search?q=buy+windows+7&go=&form=QBRE&filt=all&qs=n

Exploited on Apache/2.2.3 (CentOS)

HTTP/1.1 301 Moved Permanently
Date: Fri, 05 Feb 2010 15:09:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-control: no-cache, must-revalidate
Pragma: no-cache
X-ENGINE: rx-engine
Location: http://software-shopping.net/shop/item/325/?cpn=www_techdis_ac_oem
Content-Length: 0
Connection: close
Content-Type: text/html

The only Footprint is the end site. At the moment I’m waiting for the code to be sent to me from one of the exploited servers. It looks to work on search referrer if we had to fake it to wget the pages if you hit the referrer too hard you will trigger a 404 page

anyways check out

http://www.bing.com/search?q=buy+windows+7

several  Hacked sites on the first page and the #1 site hacked

http://uk.search.yahoo.com/search?p=buy+windows+7

several  Hacked sites on the first page and yahoo does warn you when you click

http://www.google.co.uk/search?hl=en&safe=off&q=buy+windows+7&start=10&sa=N

you have to go to  the second page but they are all there.

Dave

Making your inbox more interesting
Looking to keep up to date, or find out those things we can’t mention on the blog? Then sign up to our semi-regular newsletter. Don’t worry, we won’t spam you.

1 Lonely Comment

Get in Touch

Things are better when they’re made simpler. That’s why the David Naylor blog is now just that; a blog. No sales pages, no contact form - just interesting* info about SEO.

If you’d like to find out more about the Digital Marketing services we do provide then head over to Bronco (our main company website) to get in touch.

Get in Touch Today * Interestingness not guaranteed
Part of the Bronco family