VCCircle compromised ???

So i was trying to read VCCircle, and found this..

VCCircle google malware warning

VCCircle google malware warning

————google safe browsing diagnostic page for vccircle————-

What is the current listing status for vccircle.com?

Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 8 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 114 pages we tested on the site over the past 90 days, 83 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-21, and the last time suspicious content was found on this site was on 2010-03-21.Malicious software includes 125 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including 76.76.98.0/, carpetwizards.co.uk/, c5y.at/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including carpetwizards.co.uk/.

This site was hosted on 1 network(s) including AS31815 (MEDIATEMPLE).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, vccircle.com appeared to function as an intermediary for the infection of 1 site(s) including 70.32.113.0/.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain(s), including 70.32.113.0/.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

—————-

VCCIcrle_diagnostic_page_courtesty_google

VCCIcrle_diagnostic_page_courtesty_google

So there are chances if you have visited VC Circle recently… Double check your system/AV !!!

Advertisements

4 Comments

Filed under Uncategorized

4 responses to “VCCircle compromised ???

  1. Loose FTP passwords . Either weak or generally saved in FTP client. When saved in FTP client, if the PC having FTP client is infected would allow virus to login to the FTP of the website and add malicious code.

    Its hell of effort to remove infected code and get it reviewed by Google.

  2. Actually it’s pretty easy task.. after taking off the JS code, add your site in webmaster tools and send review request from there, they take your site off their list in 2 odd days..

  3. Hi Deep,

    Check httpfox output of vccircle.com you will get surprised….However view source will not help much !!! 🙂 🙂

  4. I think they cleaned it up, it must be because of the JS script virus, it basically opens up an iframe with the trojan code in it..

    And there is one more type of virus / script which actually, works with only PHP files, it create a new htaccess rule which will redirect all the request to the trojan file and then it will get installed on the machines..

    So, this case must be one of them..

    But since I did not see in action, I won’t be able to comment much on it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s