GoFuckYourself.com - Adult Webmaster Forum - View Single Post

The Hun · 07-17-2002, 03:56 PM

Some guy installed spyware on people's machines through most likely exploiting security flaws in MicroSoft's Internet Explorer. This code is doing the same thing gator's programs are doing: put advertising on pages that weren't there before. Smutserver.com is one of the main targets of this hack right now...

I just got off the phone with smutserver and we went in to the problem in detail. The code that was posted by Grumpy in the other thread wasn't found anywhere on any of the machines on smutserver, and it looks like it it locally generated by a piece of spyware on people's computers. I know in Grumpy's office there's a machine that is infected with this, so I'm pretty sure that by tomorrow morning we'll have a fix available...

The code that is loaded is loading offshoreclicks consoles and then the original page in a frame, but pointed to with an IP-address instead of the original URL to prevent the spyware program to trigger again on the frame that is loaded. This does open possibilities to post an easy fix though.

I'll be writing offshoreclicks to see if they're willing to close down these consoles. I worked with 'em before in the past and I'm pretty confident they're willing to look in to this.

In the mean time I'm tracing down what sites are affected by this Russian cheater to make sure the listings of those sites are layed off for a while.

As soon as a fix is available I'll post it here. This hacker has the possibility right now to ad domains to his program and pop offshoreclicks consoles on any site he whishes... So I think it's pretty important this guy is stopped.

If anybody has any ideas that might be useful, please post 'em here. Remember that this is not something that is "only affecting the free Internet"... if this guy ads gofuckyourself.net to his list offshoreclicks consoles will start popping up every time you close a page here. ALL sites are in risk of being infected...

07-17-2002, 03:56 PM
The Hun Confirmed User Join Date: Jan 2001 Location: The Netherlands Posts: 1,207	There has been a hacker at work... Some guy installed spyware on people's machines through most likely exploiting security flaws in MicroSoft's Internet Explorer. This code is doing the same thing gator's programs are doing: put advertising on pages that weren't there before. Smutserver.com is one of the main targets of this hack right now... I just got off the phone with smutserver and we went in to the problem in detail. The code that was posted by Grumpy in the other thread wasn't found anywhere on any of the machines on smutserver, and it looks like it it locally generated by a piece of spyware on people's computers. I know in Grumpy's office there's a machine that is infected with this, so I'm pretty sure that by tomorrow morning we'll have a fix available... The code that is loaded is loading offshoreclicks consoles and then the original page in a frame, but pointed to with an IP-address instead of the original URL to prevent the spyware program to trigger again on the frame that is loaded. This does open possibilities to post an easy fix though. I'll be writing offshoreclicks to see if they're willing to close down these consoles. I worked with 'em before in the past and I'm pretty confident they're willing to look in to this. In the mean time I'm tracing down what sites are affected by this Russian cheater to make sure the listings of those sites are layed off for a while. As soon as a fix is available I'll post it here. This hacker has the possibility right now to ad domains to his program and pop offshoreclicks consoles on any site he whishes... So I think it's pretty important this guy is stopped. If anybody has any ideas that might be useful, please post 'em here. Remember that this is not something that is "only affecting the free Internet"... if this guy ads gofuckyourself.net to his list offshoreclicks consoles will start popping up every time you close a page here. ALL sites are in risk of being infected...