ve7kjr Posted June 5, 2010 Report Posted June 5, 2010 Anyone experience a hijack on this site this morning ? As I clicked on "jwsound.net" I was redirected to "blackinternet.se" where an exe file "activate.exe" was trying to run. Norton Internet Security stopped the file from running and put in in quarantine. Anyone else have this experience ? Quote
ve7kjr Posted June 5, 2010 Author Report Posted June 5, 2010 I should add, this happened around 10am: Saturday june 05. and lasted for about an hour. Quote
Jeff Wexler Posted June 5, 2010 Report Posted June 5, 2010 Wow... that's some scary sh##! No way of telling how that happened. We just have to hope it doesn't happen again. - Jeff Wexler Quote
ve7kjr Posted June 5, 2010 Author Report Posted June 5, 2010 I have the full url for the site if you if you want to look into it. All other sites I have in favoriites worked fine including cinemaSound. Just noticed right now when I click on the link "discussion group" in cinemaSound I'm redirected to blacketinternet Quote
Marc Wielage Posted June 6, 2010 Report Posted June 6, 2010 I bet this is a DNS (domain name server) problem, where somebody hacked into the DNS that ve7kr is using and that's redirecting to this other weird site. There's always the possibility he has a virus that's trying to force his browser to go to other sites. I would not trust Norton Internet Security if I were you. I would install the entire Microsoft Security Essentials package (which is free), disconnect the computer from the net, and run that and see what you find. (I'm also a big fan of Nod32, which is very good.) It seems like there are more and more really, really nasty viruses out there. To me, this is yet another reason to get... well... that "other" computer. --Marc W. Quote
Ron Lacheur Posted June 6, 2010 Report Posted June 6, 2010 There's always the possibility he has a virus that's trying to force his browser to go to other sites. I would not trust Norton Internet Security if I were you. I would install the entire Microsoft Security Essentials package (which is free), disconnect the computer from the net, and run that and see what you find. (I'm also a big fan of Nod32, which is very good.) --Marc W. I'm betting on this as well. Are you using Internet Explorer? Quote
ve7kjr Posted June 6, 2010 Author Report Posted June 6, 2010 Just tried another computer,windows based same problem. I never share files with the two machines and they are not connectet to each other in any way, both computers are up to date with security features,have used norton for over 12 years and never had a problem that it didn't catch. The "redirect" seems to come and go all day. Some of the links on CinemaSound site "Discussion Group and Jeff Wexler's blog" cause the redirect as well. Member Jeff Babb had the same problem as well,and looks like he is running a mac system. So I don't think there is a problem at my end,but somewhere in the system,maybe the server the site is hosted on, but that that doesn't explain why the CinemaSound site would have the same problem,i would think it is hosted on a different server. If need be,I will go to the computer stores tomorrow and try several different computers both Mac and PC to prove the problem is not at this end. Phil Quote
Laurence Posted June 6, 2010 Report Posted June 6, 2010 Marc, you may be right about it being a DNS hack... or it could be a hack at the server level. I just tried going to www.lunarpages.com, which is the web host for www.jwsound.net... because I was going to refer one of my website clients to them and I want to look up prices... but instead of going to the Lunarpages website, guess what page loaded. Yup... www.blackinternet.se. It could be DNS or it could be that the zone files at Lunarpages have been hacked. One way to test out which it might be is for other people here to go to www.lunarpages.com right now. it's 6:45 pacific time and I'm on the TimeWarner system, so if other users on TimeWarner are getting the same thing right now, but non-TimeWarners users are not... then we know it's a DNS hack. If everyone is getting redirected right now, then it could still be a DNS or a Lunarpages hack. Laurence Quote
Jeff Wexler Posted June 6, 2010 Report Posted June 6, 2010 Just tried another computer,windows based same problem. I never share files with the two machines and they are not connectet to each other in any way, both computers are up to date with security features,have used norton for over 12 years and never had a problem that it didn't catch. The "redirect" seems to come and go all day. - snip - Phil I think we can rule out any local infection since this has occurred on at least 2 computers, a Windows PC and a Mac, different ISP's and different browsers. I am hoping that Laurence A. can shed some light on this. Laurence is my go to guy for any and all of these web things. One question to you, Phil, how are you able to get onto this site properly so as to post the message above? The re-direct is arbitrary and intermittent? - Jeff Wexler Quote
Laurence Posted June 6, 2010 Report Posted June 6, 2010 Lunarpages has been hacked. Here is what they say: "We are currently experiencing an issue with our Las Vegas datacenter that appears to be in our nameservers. Our techs are aware that sites are being redirected elsewhere and are working on it as quickly as possible. We will let you know once it is corrected. Unfortunately, we cannot provide an ETA." Laurence Quote
Eric Toline Posted June 6, 2010 Report Posted June 6, 2010 FWIW, I just went to C-Sound and had no problem getting into the discussion group. I'm on Windows XP Pro, IE8 via AT&T U-Verse fibre optic service. Eric Quote
Jeff Wexler Posted June 6, 2010 Report Posted June 6, 2010 Lunarpages has been hacked. Here is what they say: "We are currently experiencing an issue with our Las Vegas datacenter that appears to be in our nameservers. Our techs are aware that sites are being redirected elsewhere and are working on it as quickly as possible. We will let you know once it is corrected. Unfortunately, we cannot provide an ETA." Laurence Thank you Laurence for the detective work! So, there is the answer, we'll just have to be patient. Isn't the Internet great! - Jeff Wexler Quote
Derek H Posted June 6, 2010 Report Posted June 6, 2010 No problems here (and was on the site late last night) running thinkpad with linux OS (ubuntu 10) and latest firefox Quote
Laurence Posted June 6, 2010 Report Posted June 6, 2010 Lunarpages now says it's been fixed... "We really apologize for the inconvenience. One of server IP addresses got spoofed we already took measures for that to not happen in the future." ...although I'm still seeing the re-direct when I go to www.lunarpages.com. But that could be caused by dns-caching at the ISP. If the problem is truly fixed, it should be all cleared up for everyone within a few hours when the DNS servers have all refreshed. Laurence Quote
ve7kjr Posted June 6, 2010 Author Report Posted June 6, 2010 "One question to you, Phil, how are you able to get onto this site properly so as to post the message above? The re-direct is arbitrary and intermittent?" That's the crazy thing Jeff it was intermittent all day and well into the night,I went to bed about 2AM: One moment the site was fine and 5Min: later a redirect. That's why when I went to my second computer that has never shared files With this one,or been remotely connected to it,the problem wasn't at my end. The only internet sites the two computers would have in common would be google,norton,jwsound and cinemasound. Phil Quote
ve7kjr Posted June 6, 2010 Author Report Posted June 6, 2010 Here is a screen shot with the file info. Quote
RPSharman Posted June 6, 2010 Report Posted June 6, 2010 And on a similar note.... Tried to log into 695 site today. It took me to a weird website in Europe promoting some web services and gear, it seems. http://www.blackinternet.se/ Robert Quote
ve7kjr Posted June 6, 2010 Author Report Posted June 6, 2010 Robert,when your redirected to "blackinternet" site,it sends a little payload to your computer in the form of an EXE file. See my screen shot ! My Internet Security "norton" was able to stop it before it unpacked itself. Phil Quote
Laurence Posted June 6, 2010 Report Posted June 6, 2010 Robert, you got the same redirect at 695.com that some visitors to jwsound.net have experienced.... which is not surprising because 695.com and jwsound.net both share the same web host, Lunarpages which got hacked over the weekend, resulting in the redirects that people have been experiencing. Your report of 695.com redirects is the first I've heard. For reasons not clear, the jwsound.net redirects were occurring intermittently but Lunarpages now reports that the problem has been corrected. Having said that, it's possible that some redirects will continue to occur for a brief time, while ISP's with cached domain name servers await a refresh. Robert, you should be able to reach 695.com if you try it now. Please let me know if that's not the case. Laurence Quote
Christian Holm Posted June 6, 2010 Report Posted June 6, 2010 Sadly enough .se is Sweden... Reading the "black internet" site is not making much sense.. can't make out what they are selling.. Hmm... //Christian Quote
RPSharman Posted June 6, 2010 Report Posted June 6, 2010 Still redirected as of now. Cleared cookies, etc. Quote
Eric Toline Posted June 7, 2010 Report Posted June 7, 2010 Sadly enough .se is Sweden... Reading the "black internet" site is not making much sense.. can't make out what they are selling.. Hmm... //Christian Here's what I found from almost 1 year ago: Swedish authorities target Black Internet and take The Pirate Bay offline Aug. 24, 2009 (4:43 pm) By: Matthew Humphries [img alt=thepiratebay width=298 height=200] The Swedish authorities, for the time being, have been successful in taking The Pirate Bay offline. The feat was managed by way of targeting the ISP Black Internet which currently provides the site with its bandwidth. Black Internet were given a choice: either cease providing bandwidth for The Pirate Bay or be hit with a fine of around $70,600. In the end it was an easy decision to make and so as to not be lumped with a bank-busting fine, The Pirate Bay was shut off and is currently inaccessible. The offline status of the site may not remain for very long, however, if it manages to find an alternative provider and one not likely residing in Sweden. Current estimates from the site say it will be fully-functional again by tomorrow morning. Peter Sunde recently resigned as spokesperson for the site so a response to the action came from The Pirate Bay’s Rick Falkvinge instead. He said: <blockquote> This is absolutely ridiculous. The Court seems to consider themselves above the Constitution. This clarifies how copyright law has become untenable, and how information is lacking political skills in the judiciary.</blockquote> A post on The Pirate Bay blog has also appeared stating: <blockquote> The MAFIAA has spent millions of dollars and endless amounts of time to get this ban in order. Our guess is that they also bribed a bit to get it since it violates so many laws not only in Sweden but also in the EU, not to mention violations against human rights. And what do they have to show for it? 3 hours of partial downtime.</blockquote> It is currently unclear what reasons the Swedish authorities have given for the action taken against Black Internet, but is surely going to be related to the court case defeat earlier this year and continued pressure from the music and movie industry to take the site down. Read more at TorrentFreak Matthew’s Opinion There are reports that the site is already back up, but I can’t access it or the blog post that quote above was taken from. With a site going offline it can take a while for everyone to regain access and especially if it is getting a lot of traffic testing whether it is back up or not, so it may load for you. I really want to know the reasons why the Swedish authorities could fine Black Internet. They must have quoted some breach of the law, but what was that breach? Black Internet was left between a rock and a hard place as $70,600 is a lot of money to all but the largest of companies. It wasn’t a battle they could really choose to fight. I would also like to know who the new bandwidth provider is for the site. I doubt it’s in Sweden and if it isn’t and resides in a country which isn’t on such good terms with Hollywood then it could be a lot more difficult to take it offline again. Read more: http://www.geek.com/articles/news/swedish-authorities-target-black-internet-and-take-the-pirate-bay-offline-20090824/#ixzz0q7oSfCPQ Quote
Marc Wielage Posted June 7, 2010 Report Posted June 7, 2010 Ah, that makes sense. If the webhost itself is hacked, all bets are off. The good news is, hopefully the members here have NOT gotten their computers infected. I really hate hearing stories like this, because it's such a senseless waste on the part of the hackers. You have to wonder what these morons are trying to accomplish... other than just F with people. --Marc W. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.