An Interesting Development


I came across a number of websites hacked over the last few weeks using an SQL injection - the same exploit used by script-kiddie tearaway The Punisher. I quickly realised this person was hanging out on the same forums as our Punishing pal, and quickly traced him back to his main website. Well, it appeared his site had only just launched and did nothing other than serve as a placeholder for whatever material he'd be uploading in future. Note how he attempts to pass the site off as somehow belonging to Network Solutions so as not to attract attention:

http://blog.spywareguide.com/upload/2008/04/russ1-thumb.jpg

Well, a few weeks have passed and now, if you visit his site, you'll notice a very interesting difference:


http://blog.spywareguide.com/upload/2008/04/russ2-thumb.jpg


All of the text has suddenly been switched to Russian, presumably in the hope that casual snoopers will think "nothing to see here, move along". If you click the "leave page" hyperlink (after having refused to agree to their terms), it attempts to play a terrible MP3 - just to confuse the visitor further.

They've also pasted a seemingly endless stream of banner ads on the lower section of the page - casual visitors will think the site is nothing more than a Russian affiliate ring stuffed full of "win it now" iPod deals, commission links and affiliate schemes. Again, it's all lies - none of the banners are clickable, they've just been pasted in randomly onto the page.

russ3.jpg

Finally, click "I accept" and you're taken to a forum (that only appears to have been in existence for a very short time) with the following "go away now" message:

russ4.jpg

Pretty sophisticated for a garden variety script kiddie, especially given the extremely unimaginative website defacements he was previously rolling out. It also begs the question - why is he so cagey, and what is he trying to hide? More importantly, how did he come about the idea of pretending to be a Russian affiliate guy in the first place?


About this Entry

This page contains a single entry by Christopher Boyd published on April 23, 2008 2:35 PM.
