Brute Force Shortcut Icon Defacement
view: http://www.webpagescreenshot.info/img/5513366cd81904-70396014
ISSUE DETECTED | DEFINITION | INFECTED URL
Defacement | MW:DEFACED:01 | htxp://aan.org.ar
Defacement | MW:DEFACED:01 | htxp://aan.org.ar/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
Hacked By Abdellah Elmaghribi
IP badness history: https://www.virustotal.com/en/ip-address/173.0.142.43/information/
Very poor Web Rep Status: https://www.mywot.com/en/scorecard/173.0.142.43?utm_source=addon&utm_content=warn-viewsc
9 out of 10 into the red here: http://toolbar.netcraft.com/site_report?url=http://173.0.142.43
173.0.142.43 is listed in the XBL Spammer. Listed at http://www.atma.es/
Certainly a place to avoid…
polonus
polonus
Update, another example of this: http://killmalware.com/bastelzwerge.com/#
-http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bastelzwerge.com%2F
ISSUE DETECTED | DEFINITION | INFECTED URL
Defacement | MW:DEFACED:01 | -http://www.bastelzwerge.com
Defacement | MW:DEFACED:01 | -http://www.bastelzwerge.com/404testpage4525d2fdc
Defacement | MW:DEFACED:01 | -http://www.bastelzwerge.com/404javascript.js
Defacement | MW:DEFACED:01 | -http://www.bastelzwerge.com/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
HACKED BY AYYILDIZ TEAM INTERNATIONAL FORCE
System Details:
Running on: Apache/2.2.16
index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
Outdated Web Server Apache Found: Apache/2.2.16
About this script kiddie hacking group and what they are into: http://ddanchev.blogspot.com/2008/07/ayyildiz-turkish-hacking-group-vs.html
polonus