Hi All,


Please becareful when clicking on the above PTP pages or banners as there is a hijacker virus lurking around on these sites



Pristina1

Thanks for info. but which site are you talking about?
How did you discover it..
2 days ago a site have been hacked (So red the roses). you land on a hacker message when login.
Must be same hacker trying on other sites... They really have nothing to do to do that....

Mtlgold

Hi,

Thanks for your reply. The suspect sites in question are any PTP sites promoting Xray Cash/Orange Biz mails and Cash Desks. I did email both sites to tell them about the virus, but nothing appears to have been done about it.


Pristina1

Do you know which virus it is? If your antivirus went off, did it give a name?

Also which country are you in? If it's in a geotargeted banner or ad it might not be seen by people not in the same country.

One of the 3rd party networks has some vundo pages stuck in banners, I'm just wondering if that's what you've been seeing or if it's something else.

Hi

Thanks for your reply. It's the same virus that has hijacked Rosebiz, as I've just been hit twice by that virus. I'm actually from the UK. Any PTP link that show's Xray cash, when you click on it, if you see Xray Cash/Orange biz page then you will be hit by this hijacker virus. Be careful though, because some PTP email titles are not showing the Xray cash link. Same as Cash Desks PTP email links. With the Banner links, to Xray cash, if you are directed to the pages that i explained earlier, then you will be hit as well, so I'd stay clear of any banner links relating to both Cash Desks and Xray mails, until the situation is resolved.


Pristina1

I do not what is the interest of those hacker to hack a ptr site. The only thing taht may be used maybe email adresses. No site hold money... I am very surpribe that rosebiz already under attack... it just lauch a few week ago...
Nothing to encourage running site when that happen at start.

Have a nice Days will get more safe while surfing..

I didn't know rosebizs had a virus on there or had been hijacked. I just looked at the page code and visited it - the index page - and don't see anything wrong unless there's something rotating in the 3rd party banners (which is possible). I will keep looking though.



Most of the hackings aren't database hackings. The iframe hackers put code on a site, they don't usually take anything from it. The iframes/codes they put on the sites contain viruses and keyloggers so they can steal from people who visit the page or put something nasty on the computer of visitors that the hackers will then earn money from. The type of hacker that hit soredtherose is different, they're called defacement attacks and are not always associated with viruses. Defacement usually hackers do it more to prove that they can attack servers and "look clever". Other than maybe with the exception of these latest domain thefts the hackings aren't even targeting PTR sites, they're more targeting vulnerable servers or just picking up on people who visited a page with a virus recently and getting access to websites they own and then spreading the code that way, since PTR owners tend to visit a lot of nasty virus filled pages (compared to other internet users) they are at high risk.