«
»

Warning: Malware Seems to Be Attacking Crib Chatter

I’ve been informed by several diligent chatterers that when they attempt to go to Crib  Chatter from a google search- a malware program attempts to install itself onto their computers.

Apparently- links in the RSS feed are also trying to do the same.

I apologize for the attack.

Apparently- coming directly to the site through the URL is working properly.

I’ll be working to repair these problems as soon as possible.  Thanks for your patience.

Sabrina

This entry was posted on Friday, August 15th, 2008 at 7:55 pm and is filed under general information. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

9 Responses to “Warning: Malware Seems to Be Attacking Crib Chatter”

  1. I thought I was the only one! Don’t install anything that pops up!

    0
    0

  2. Zekas, you scamp! 😉

    0
    0

  3. This is a fairly deep invasion on the CribChatter servers (BlueHost.com).

    When a CribChatter page is requested with a referer of Google, the BlueHost server responds with a 302 (system moved) code that redirects to a (usually Russian) spam server. It behaves normally without the Google referer.

    For example:

    302 Found

    Found
    The document has moved here.

    Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.cribchatter.com Port 80

    Connection closed by foreign host.
    %
    –>

    0
    0

  4. This is a fairly deep invasion on the CribChatter host server (BlueHost.com).

    BlueHost is responding to any request with a referrer of google.com with a 302 error (document moved) and redirecting you to a (probably Russian) spam and virus site.

    Sabrina — let the admins know ASAP.

    For example (all ”
    #html>#head>
    #title>302 Found#/title>
    #/head>#body>
    #h1>Found#/h1>
    #p>The document has moved #a href=”http://87.248.180.90/in.html?s=sg”>here#/a>.#/p>
    #hr>
    #address>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.cribchatter.com Port 80#/address>
    #/body>#/html>
    Connection closed by foreign host.
    %

    0
    0

  5. This is a fairly deep invasion on the CribChatter host server (BlueHost.com).

    BlueHost is responding to requests with referrer of google.com with a 302 (page moved) error and redirecting traffic to a (probably Russian) spam and virus server.

    Sabrina — please let their admins know ASAP.

    Test case (results removed because I can’t get them to post):
    ###
    telnet http://www.cribchatter.com 80
    GET / HTTP/1.1
    Host:www.cribchatter.com
    Referer:www.google.com

    ###

    Kevin

    0
    0

  6. Thank you Kevin!

    This is VERY helpful. Bluehost didn’t believe me about what it was doing until they saw your message. (ha! ha!)

    In the meantime:

    Everyone please don’t click on links within the Feedblitz feed.

    Access Crib Chatter only by coming directly to the site- actually typing in the name in your browser. If you get here that way- the links are fine.

    I’m working to get it fixed as soon as possible!

    0
    0

  7. Ok, we got you fixed up and updated some other vulnerabilities that caused the initial issue, it was only an .htaccess attack this time. Remember, register_globals On = bad !!

    0
    0

  8. Anyone know what that site does? I didn’t click on anything, but the page started to load a couple of times.

    0
    0

  9. Thanks. I had cancelled the feeblitz because of it.

    0
    0

Leave a Reply