Friday, December 21, 2012

Namiga.org Hacked?



This is only a preliminary warning. I don't have the time to investigate further.

It appears the Namiga.org website was attacked.

This morning I spotted evidence of tampering on these pages:
http://www.namiga.org/index.php/contact-us
http://www.namiga.org/index.php/about-us

_________________________________________________

Examining page source revealed malicious code:
<script language="JavaScript">var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','877886888787','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;vif(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');

Where we will do is definitely of being accepted your eligibility.....
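
The digit strings in the script above can be decoded statically, without running anything from the compromised page. This is an added example, not part of the original post or of the injected code. The function names are hypothetical, and it assumes the truncated loop reads the digits two at a time and that x[4] stands for x[3].

```javascript
// Static decoder for the strings in the injected script; it replays the
// arithmetic only and never evaluates anything taken from the page.

// The four digit strings, copied from the page source quoted above.
const ENCODED = [
  '9091968376',
  '8887918192818786347374918784939277359287883421333333338896',
  '877886888787',
  '949990793917947998942577939317',
];

// The visible code adds (25 - l + a) to each two-digit number while reading
// x[l - a], i.e. an offset of (25 - index) for the string at `index`.
// Assumption: digits are consumed two at a time (loop header is truncated).
function decodeEntry(digits, index) {
  if (!/^(\d\d)+$/.test(digits)) {
    throw new Error(`entry ${index} is not a run of two-digit codes`);
  }
  let out = '';
  for (let i = 0; i < digits.length; i += 2) {
    const code = parseInt(digits.slice(i, i + 2), 10) + 25 - index;
    out += String.fromCharCode(code);
  }
  return out;
}

// Rebuild the markup that document.write() would emit. The post shows x[4],
// which a four-element array does not have; x[3] is assumed here.
function reconstructMarkup(entries) {
  const [tag, rules, cls, attrs] = entries.map((d, i) => decodeEntry(d, i));
  return `<${tag} ${attrs}>.${cls}{${rules}}</${tag}>`;
}

// Flag the off-screen positioning used to hide an injected block of links.
function hidesContent(markup) {
  return /position\s*:\s*absolute/i.test(markup) &&
         /(top|left)\s*:\s*-\d{3,}px/i.test(markup);
}

const decodedMarkup = reconstructMarkup(ENCODED);
console.log(decodedMarkup);
console.log('hides content off-screen:', hidesContent(decodedMarkup));
```

The decoded output is a style rule that moves one CSS class far above the visible page, so searching a site's page source for that class name locates the injected block.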

_________________________________________________

The code included links to the following sites:

http://newquickcash.com/
http://cheapcashadvanceonline.com/
http://personalcashloanonline.com/
http://fastcashtransaction.com/
http://quickestpaydayloanonline.com/
http://internetcashadvanceonline.com
http://cashloanssolutions.com/
http://quickestpaydayloanonline.com/
http://mortgagebankpaydayloans.com/
_____________________________________________________

The above phishing sites offer easy payday loans as bait. Do not visit them, as they may also contain malware. All of them appear to be hosted by newquickcash.com.



newquickcash.com domain info:
Registrant: Static Storm LLC
Currently hosting about 23 domains.

Domain Name: newquickcash.com
Registered at http://www.dynadot.com

Registrant:
Static Storm LLC
Annie C. Dunn
552 Jett Lane
Santa Monica, CA 90404
United States

Administrative Contact:
Static Storm LLC
Annie C. Dunn
552 Jett Lane
Santa Monica, CA 90404
United States
lee_gerstein@yahoo.co.uk
+1 310-694-1873

Technical Contact:
Static Storm LLC
Annie C. Dunn
552 Jett Lane
Santa Monica, CA 90404
United States
lee_gerstein@yahoo.co.uk
+1 310-694-1873

Record expires on 2013/10/30 UTC
Record created on 2012/10/30 UTC

Domain servers in listed order:
ns1.newquickcash.com
ns2.newquickcash.com


More info will be provided when I'm able.
Be advised your namiga.org account *may* be compromised.
But don't panic. Hopefully this attack is limited to site pages, and the database is secure.

**I called and alerted NAMI about this threat. They were very attentive to my concerns, and took immediate action by contacting their webmaster. I also contacted registrar Dynadot to report illegal activity with these domains.

*Update: The original spam text was removed, but it has now been replaced with these new phishing site links:

paydayloans10thgq.com/
paydayloansmatters.com/
paydayloans10nopo.com
paydayloans10ihdx.com
paydayloans10dokp.com
paydayloans10ukhw.com/
paydayloans10jbkk.com
paydayloansfromnowon.com








