Website defacement

See: http://killmalware.com/bogisoft.com/
Detected as Riskware.Script.BetterSurf.ctbzhb
Adware/BetterSurf → on removal: http://malwaretips.com/blogs/adware-win32-bettersurf-removal/
https://www.virustotal.com/nl/file/5f577cb507f20254be48ba6a0c773c6bc80a2f51e830ad8172dc0f297ac80b64/analysis/
Detection missed: http://quttera.com/detailed_report/bogisoft.com
Custom errors fail and warnings → https://asafaweb.com/Scan?Url=bogisoft.com
Blocked for me by an extension: http://error.hostinger.eu/? → htxp://devweb.cum.ir/AZediinekiio.style.css media
55 websites hacked and defaced in a similar way: http://evuln.com/tools/malware-scanner/htmlonlockdown.com/
PHP vuln. http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-90935/PHP-PHP-5.2.13.html
http://labs.sucuri.net/db/malware/malware-entry-mwdefaced01

pol

This link blocked: -http://error.hostinger.eu/403.php site listed as PHISH
led to: https://forum.avast.com/index.php?topic=142184.0
See vulnerabilities here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.hostinger.co.uk
e.g.: Results from scanning URL: htxp://www.hostinger.co.uk/js/site.php
Number of sources found: 263
Number of sinks found: 17 → this.domPosition.parent).prepend
could be attacked with "append('<iframe style="position: relative"…

pol

Also scanned external link: https://asafaweb.com/Scan?Url=devweb.cum.ir%2FAZed.scriptso1.js
and http://jsunpack.jeek.org/?report=782aaf068ac79a1a3283721c1358faf9c3960af6
and Pop-Up code: htxp://dinbror.dk/bpopup
ajax.googleapis dot com/ajax/libs/jquery/1.6.2/jquery.min.js benign
[nothing detected] (script) ajax.googleapis dot com/ajax/libs/jquery/1.6.2/jquery.min.js
status: (referer=wXw.hostinger.co.uk/?)saved 91556 bytes 7622c9ac2335be6dcd3ab8b47132e94089cef931
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined function a.getElementsByTagName *
suspicious:

  • can be abused in Cross-site request forgery attack for load-balancer abuse.

pol