Sometimes it is pretty obvious when a site has been hacked:
Besides the error messages on the page, how about a Java application named PayPal? Or a script to display the passwords stored on the server?
Let’s take a look at the ‘PayPal applet’:
Here is a piece of code that grabs the infected computer’s information, such as OS version, Java version, etc.
Let’s check out what this domain (vuzia.com) is:
It’s actually a forum dedicated to hacking web servers:
A somewhat restricted forum you might say, as you need to be a ‘paying customer’:
What exactly are they selling on this forum? Well, how about custom Java malware scripts?
Here are some excerpts of a post describing what to hack and how to do it:
“Because I wanted to show how effective my software works, and make a good impression on the infection rate, I needed traffic.”
“Websites that had a java pop up on them by default, because that is what my driveby does too. So to reduce suspicion I needed that.”
“Well what is the best high traffic place to find this, filled with people that press run without even looking? Runescape.”
“I looked up some private server domains, pinged them, got their IP, and nmapped them.”
“I then just googled all the software, looking if there were any public exploits for them.”
“You’re able to exploit at least 10 servers in one hour.”
Full transcript below:
Although the forum was created a few days ago, there are already about 50 registered users:
So many servers are running old versions of various software programs. You can see that all it takes is a bit of googling and a few tools to start a hacking spree.
If you’d like to scan your site to make sure it is all patched and secure, feel free to use our free website scanner. It will give you a report showing any vulnerability that may exist.