04-17-2012, 09:49 PM
Hi Everyone.
It comes up to my attention that bestblackhatforum.com was been labeled as a "malware site".
About last week we're been attacked by hackers and injected malicious scripts.
![[Image: 93251957.png]](http://img41.imageshack.us/img41/3374/93251957.png)
That causes the popup to appear something like this, coming from this site.
![[Image: 90359031.png]](http://img805.imageshack.us/img805/3138/90359031.png)
All we thought its been fixed by Direct Download already.
But now as we see the site bestblackhatforum.com was already been labeled as a "malware site"
On the Google WebMaster Tools i saw this
![[Image: malwar3.png]](http://img515.imageshack.us/img515/5746/malwar3.png)
Further more details of infection,
On redirector.php it shows this one:
![[Image: 62631653.png]](http://img689.imageshack.us/img689/2709/62631653.png)
while on the 2 threads detected it shows this one:
![[Image: 24216913.png]](http://img515.imageshack.us/img515/7114/24216913.png)
So what i did was on the redirector.php i had it removed this one
![[Image: 61966456.png]](http://img268.imageshack.us/img268/5968/61966456.png)
and i even DELETED the redirector.php just to be sure.
But on the 2 threads that was been detected i cannot find any malicious code inserted like this:
![[Image: 21669806.png]](http://img801.imageshack.us/img801/8395/21669806.png)
But as what i believe this one started on our private chatbox that was been detected as "HTML/Infected.WebPage.Gen3 HTML script virus" upon looking infected scripts i found out this was been injected on the js scripts:
![[Image: 13624896.png]](http://img190.imageshack.us/img190/4820/13624896.png)
I already removed this code. And for the mean time i even DISABLE our private chatbox inside supervip room to avoid it from being injected by malicious code again.
Regarding the chatbox inside supervip room. Please allow me some time i will replace it with a new one right after we're done with the infection.
Further more investigation, i found out that even my mozilla was been embed by malicious code too.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ykmnqoc1.default\sessionstore.js (all sessionstore.js) <-- Please go to your MOZILLA directory and delete all sessionstore(s) .js script
It looks something like this.
![[Image: 39207736.png]](http://img195.imageshack.us/img195/5831/39207736.png)
I already did this.
And i gonna submit now our website for "Malware Review"
For now guys, i am really sorry for the inconvenience.
It seems like the more this forum become popular the more we become vulnerable to an attacks.
For now i am really asking sorry for the inconvenience.
On mozilla when you visit this site and prompt for virus warnings.
Just ignore the warning for now and click "proceed anyway"
The same thing it goes on other web browser like google chrome.
Just ignore the warning for now.
And on your Anti Virus software just add this site on the exclusion list/trusted list.
Anyway, this warning error will be going to be fixed soon. I am personally working with this.
Again my apology to everyone.
And thank you for trusting us and staying with us.
Thanks for reading.
-ADMIN
It comes up to my attention that bestblackhatforum.com was been labeled as a "malware site".
About last week we're been attacked by hackers and injected malicious scripts.
That causes the popup to appear something like this, coming from this site.
All we thought its been fixed by Direct Download already.
But now as we see the site bestblackhatforum.com was already been labeled as a "malware site"
On the Google WebMaster Tools i saw this
Further more details of infection,
On redirector.php it shows this one:
while on the 2 threads detected it shows this one:
So what i did was on the redirector.php i had it removed this one
and i even DELETED the redirector.php just to be sure.
But on the 2 threads that was been detected i cannot find any malicious code inserted like this:
But as what i believe this one started on our private chatbox that was been detected as "HTML/Infected.WebPage.Gen3 HTML script virus" upon looking infected scripts i found out this was been injected on the js scripts:
I already removed this code. And for the mean time i even DISABLE our private chatbox inside supervip room to avoid it from being injected by malicious code again.
Regarding the chatbox inside supervip room. Please allow me some time i will replace it with a new one right after we're done with the infection.
Further more investigation, i found out that even my mozilla was been embed by malicious code too.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ykmnqoc1.default\sessionstore.js (all sessionstore.js) <-- Please go to your MOZILLA directory and delete all sessionstore(s) .js script
It looks something like this.
I already did this.
Code:
http://www.stopbadware.org/home/securityFor now guys, i am really sorry for the inconvenience.
It seems like the more this forum become popular the more we become vulnerable to an attacks.
For now i am really asking sorry for the inconvenience.
On mozilla when you visit this site and prompt for virus warnings.
Just ignore the warning for now and click "proceed anyway"
The same thing it goes on other web browser like google chrome.
Just ignore the warning for now.
And on your Anti Virus software just add this site on the exclusion list/trusted list.
Anyway, this warning error will be going to be fixed soon. I am personally working with this.
Again my apology to everyone.
And thank you for trusting us and staying with us.
Thanks for reading.
-ADMIN
![[Image: exploit.png]](http://img857.imageshack.us/img857/7353/exploit.png)
