The Latest in IT Security

Chaka Khan Official Website: “This site may be compromised”

12
May
2011


If you happen to go looking for Chaka Khan information (and come on now, who wouldn’t be doing that) then the first result you’ll see in Google is the Official Chaka Khan website. Unfortunately there’s a message from Google added to the listing: “This site may be compromised”.



Google has this to say about that particular notification:

“This site may be compromised” and “This site may harm your computer” warnings

To be clear, when our malware detection system classifies a site as potentially hosting malware, we show a “This site may harm your computer” message. When we believe a site may be hacked or compromised but have not detected malware, we display “This site may be compromised” as an alert. In both cases, our detection might not be perfect — we continually work on improving our system — but it would be wise to proceed with caution.


Not your regular “Look out, Malware everywhere” type warning – only that something may or may not have been tampered with. From the source code of the frontpage:


Click to Enlarge

You may ask yourself why lots of links to free webhosting are stuffed inside the code, and that would be a very good question. Quite a few search results exist for these links:


Click to Enlarge

If you check out the Site Advisor results for the official Chaka Khan website there’s a comment from January 19th complaining about exploits:

Followed link because of the McAfee green check-mark, and browser was immediately hijacked… it launched a different web page that was made to look like a virus scan called “av8scan”.

“AV8” would be Antivirus 8, a Rogue AV program. The links in the code currently present the user with a “Download here” splash screen, before taking them to an MP3 website:





Click to Enlarge

Elsewhere, those links in the Chaka Khan website code are being used for more general forum spam:


Click to Enlarge

If I had to guess, those links on the Chaka Khan site look like leftovers from whatever compromise potentially took place some time ago. We’ve notified the site owners, and hopefully they’ll clean things up a little bit.

Christopher Boyd (Thanks to Jovi Umawing for additional research).

Leave a reply


Categories

WEDNESDAY, SEPTEMBER 20, 2017

Featured

Archives

Latest Comments

Social Networks