Wednesday, February 24, 2010

Website redirects to malicious virus site - malware, trojans, adware, spyware

Recently had to deal with a client's major website problems - someone had managed to log into the webhost server and modify some settings so that any traffic coming through the major search engines was redirected to a malicious website which would quickly infect the user's computer with up to a dozen viruses, trojans, spyware and adware.

Turns out that the web server's hidden ".htaccess" file had been hacked, causing search engine traffic to be redirected to the malicious site. Accessing the correct website directly was not a problem; just coming through a search engine like Google, Bing, MSN, AltaVista, Ask, etc. would lead to the redirects.
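One way to check an `.htaccess` file for the search-engine-only redirect described above, as an added example that is not part of the original post: a small Python scanner that flags any `RewriteRule` sending search-engine referrals to a host other than your own. The function name, the `own_hosts` parameter, the engine list (the engines named above) and the sample file contents are assumptions constructed for illustration.

```python
import re

# Engines named in the post; matching is a simple substring heuristic.
ENGINES = ("google", "bing", "msn", "altavista", "ask")

COND = re.compile(r"^RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE = re.compile(r"^RewriteRule\s+\S+\s+(https?://([^/\s:]+)\S*)", re.I)


def find_referer_redirects(text, own_hosts):
    """Return (line_no, target_url, engines) for every RewriteRule that sends
    search-engine referrals to a host not listed in own_hosts."""
    findings = []
    pending = set()  # engines seen in RewriteCond lines awaiting their rule
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # injected rules are often padded with whitespace
        if not line or line.startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            pattern = cond.group(1).lower()
            pending.update(e for e in ENGINES if e in pattern)
            continue
        rule = RULE.match(line)
        if rule and pending and rule.group(2).lower() not in own_hosts:
            findings.append((no, rule.group(1), sorted(pending)))
        if line.lower().startswith("rewriterule"):
            pending = set()  # conditions only apply to the next RewriteRule
    return findings


# Constructed sample: a normal canonical-host rule followed by an injected
# referrer-conditional redirect (placeholder target, not from the incident).
SAMPLE = r"""# constructed sample
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/ [R=301,L]
"""

if __name__ == "__main__":
    for no, url, engines in find_referer_redirects(SAMPLE, {"www.example.com"}):
        print(f"line {no}: referrals from {engines} redirected to {url}")
```

Run it over every `.htaccess` under the document root, including subdirectories, since a file in any directory affects requests below it.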

Here's some info about the problem from Stopbadware.org:

.htaccess redirects

The Apache web server, which is used by many hosting providers, uses a hidden server file called .htaccess to configure certain access settings for directories on the website. Attackers will sometimes modify an existing .htaccess file on your web server or upload new .htaccess files to your web server containing instructions to redirect users to other websites, often ones that lead to badware downloads or fraudulent product sales.

 

Other techniques used by hackers to redirect your website traffic:

Malicious scripts are often used to redirect site visitors to a different website and/or load badware from another source. These scripts will often be injected by an attacker into the content of your web pages, or sometimes into other files on your server, such as images and PDFs. Sometimes, instead of injecting the entire script into your web pages, the attacker will only inject a pointer to a .js or other file that the attacker saves in a directory on your web server.

Many malicious scripts use obfuscation to make them more difficult for anti-virus scanners to detect:



Some malicious scripts use names that look like they’re coming from legitimate sites (note the misspelling of “analytics”):



If you need additional help with a similar problem, email me at info@northdelta.net

tags: malware, malicious, virus, trojan, re-direct, web site problems, tech support, can't access my website, htaccess, worms, ad ware, spy ware, 188.72.246.96 antivirus