Monday, March 9, 2009

There's a bit of bad luck!

*** WARNING - This website is probably still hacked and infective, so please don't go there unless you really know what you're doing***

A couple of days ago, LinkScanner started detecting (and blocking) a page of a UK gov website, so we thought we'd take a look. This is the screen we were presented with ...




The "Fatal Error ownz you" is a fair clue that something is not quite right here. ;-)

While reading that, you are quickly and automatically redirected to this website ...




I'm reasonably confident that a Brit government website shouldn't be transferring you to (what I think is ) a Turkish one, so this is a fair second clue that something is wrong.

Once we establish that a site is hacked, we like to see how long it has been hacked, because mostly it's quite a quick thing ... most sites get hacked and cleaned up in under a couple of days... The best way to find out is to look at the search engine cached pages, so we had a look at the google cache, and to our surprise, we saw this page.... (again, don't even go to the cached pages, unless you know what you're doing, because if the page was infective when the search bots indexed it, it'll still be infective in the cache) ....




On January 24th, when the google bots crawled by, it was hacked again, by a different crew! That's what's known in the biz as a Bit Of Bad Luck (tm) !

So, just to be sure that they are not serially and constantly hacked, we consulted two more caches... The msn Live cache snapshot was taken on March 4th, and shows it clean...




and the ask.com cache snapshot was taken on January 7th, and it was clean then too.




The webmasters are obviously cleaning things up as quickly as they realize they have a problem, but seemingly have yet to plug the hole that the Bad Guys are using to get in. It just shows how tricky it is to keep your websites clean, and it shows how pointless it is to blacklist websites via a central database... it's always too slow to realize something is hacked, and too slow to realize it's cleaned up.

Stay safe folks,

Roger

To be notified of blog updates, please follow me on Twitter

No comments: