VideoWhisper Site Hacked, Users Advised to Visit Using Internet Explorer
The VideoWhisper site was hacked. Although vulnerability was removed and site repaired, until google review the site will not be accessible by Firefox and Chrome. All users are advised to access site directly by entering domain in Internet Explorer.
Buzau, Romania, August 17, 2009 --(PR.com)-- On 15 August 2009 VideoWhisper com staff discovered that the main site has been hacked and also blacklisted by Google, Firefox, Chrome.
Attacker inserted malicious html content that loaded pages from his site using invisible iframes probably to generate fake traffic. All index.php, .htm, .html files were corrupted by adding html code with invisible iframes at their end.
VideoWhisper developers built a script that found and removed all malicious content.
Now Dasient com shows for the VideoWhisper site 0 infected pages of all 33 pages quick scanned.
The cleanup script scans all site files for certain strings and code and can also remove certain code. VideoWhisper will probably release this tool to the public domain when this is cleared up.
Looks like the source of the problems came from a htmlarea component. Attacker managed to upload a .jpg.php file and various exploits from there. VideoWhisper staff removed it completely.
The VideoWhisper site was also blacklisted by google / firefox / chrome. Owners already posted a review request as they found and fixed the problems fast.
VideoWhisper removed vulnerability, fixed content, changed passwords, requested safety review from google.
As for the moment the site is not accessible with Firefox, VideoWhisper advises all users to access site directly by entering domain in Internet Explorer.
###
Attacker inserted malicious html content that loaded pages from his site using invisible iframes probably to generate fake traffic. All index.php, .htm, .html files were corrupted by adding html code with invisible iframes at their end.
VideoWhisper developers built a script that found and removed all malicious content.
Now Dasient com shows for the VideoWhisper site 0 infected pages of all 33 pages quick scanned.
The cleanup script scans all site files for certain strings and code and can also remove certain code. VideoWhisper will probably release this tool to the public domain when this is cleared up.
Looks like the source of the problems came from a htmlarea component. Attacker managed to upload a .jpg.php file and various exploits from there. VideoWhisper staff removed it completely.
The VideoWhisper site was also blacklisted by google / firefox / chrome. Owners already posted a review request as they found and fixed the problems fast.
VideoWhisper removed vulnerability, fixed content, changed passwords, requested safety review from google.
As for the moment the site is not accessible with Firefox, VideoWhisper advises all users to access site directly by entering domain in Internet Explorer.
###
Contact
VideoWhisper.com
Teodor Nica
0722141701
www.videowhisper.com
Contact
Teodor Nica
0722141701
www.videowhisper.com
Categories