In the "old days", when a hacker broke into your Web site, he’d usually "tag" it: post a new home page bragging to the world that he’d owned your site.
These days, when the Bad Guys break into your Web site, they usually keep very quiet about it, since they don’t want you (or anyone else!) to know that they’re there. This way, they can add malicious links or iFrames to your pages, or set up a link-farm, or otherwise use your site for their evil purposes.
Monday, we picked up another "Fake Facebook Foto" attack in our logs, and I went to take a look at the site hosting the malware payload, boominggoldstocks.com. Here’s what I saw:
Gee, you think maybe this is a hacked site?
Now that’s Old School hacking.
However, the next question is why an Albanian hacker group would want to announce to the world that they had hacked a site, and were now using it to serve a malware payload in a Fake Foto attack on Facebook. (Especially because most of the FFF attacks I see are conducted in either English or Portuguese…)
The answer appears to be that boominggoldstocks.com has such poor security that it was hacked at least twice: once by a "new school" Bad Guy, who wanted to quietly use it in a malware attack, and once by an "old school" hacker crew, who just wanted to show off…
–C.L.