General discussion

User picture

Not sure how to do a rating for this

nie 24 sie 2008 01:34:41 UTC — Salila

I clicked a link in google returns:

http://rollyo.com/Selene-Luna962

Although it had a green dot next to it in the google returns, as soon as I clicked it, I was immediately bombarded with attempts to install software, which, thanks to Firefox, I was able to escape.

The "root" url, if that is the correct term, http://rollyo.com does not do that.

Obviously, the link I clicked should not have a green dot, but the root url does not do the bad stuff.

So could someone tell me the correct way to proceed? How can I warn others about the link I clicked without saying something inaccurate about rollyo.com by itself?

(If this question has been asked and answered somewhere, please forgive my ignorance and point me to the right place. I did look)

User picture

Malware

nie 24 sie 2008 02:43:25 UTC — MysteryFCM

Unfortunately, you can't rate individual folders, only actual domains. In this case, it would be prudent to report the URL to rollyo. From their contact page;

teamrollyo |at| gmail |dot| com

The actual malware itself, is coming from;

sc24.name/g.js

Ref:
http://vurl.mysteryfcm.co.uk/?url=http://sc24.name/g.js

When g.js is loaded and decoded, it then proceeds to load;

stat.newadultvidz.net/in.cgi

Ref:
http://vurl.mysteryfcm.co.uk/?url=http://stat.newadultvidz.net/in.cgi?5&seoref=http://sc24.name/g.js&parameter=$keyword&se=http://sc24.name/g.js&ur=1&HTTP_REFERER=http://sc24.name/g.js&default_keyword=none

This tries foisting a known rogue (Antivirus 2008) on unsuspecting users.

User picture

rollyo.com has been hacked

nie 24 sie 2008 03:22:49 UTC — logicman

Hackers have placed a redirect in the root folder of rollyo.com.

It redirects to security-scan-pc.com - where a rogue antivirus program
attempts to install itself and infest the computer with a trojan.

Do NOT go to either of these sites. I checked this using a sandbox
and other security measures. Going to these sites will put your
computer at risk of infection.

If you have already visited either of these sites, run an anti-virus check NOW.

[edit]
While I was checking this, MysteryFCM has posted a reply.
I have no doubt it is more accurate than mine.

User picture

It's not .....

nie 24 sie 2008 04:15:27 UTC — MysteryFCM

.... been hacked ;o)

The folder is a user created folder - not the work of hackers.

User picture

But why...?

śro 27 sie 2008 05:00:54 UTC — phantazm

Is it hacked or not? And could you explain why you think so..?

At least I think its obvious that something doesn't match:

On http://rollyo.com I read this: "Rollyo offers the ability to search the content of a list of specified websites, allowing you to narrow down the results to pages from websites that you already know and trust."

But here http://rollyo.com/Selene-Luna962 I read this: "A few moments of silence pass as they let their breathing and pulses subside. He couldn't resist kissing her firm tits and giving each nipple a little suck. s head was filled with daydreams and sexual fantasies. First Selene Luna must remove the old ones she barks. I guessed he was no virgin when I found a load of condoms in a jacket I was washing for him. Then Selene Luna legs were soaped up and once again, the task was started on my feet, working up towards my crotch...."

Doesn't seem to be the same site...

By the way: After reading Salilas comment "as soon as I clicked it, I was immediately bombarded with attempts to install software", I thought I'd like to take a look without clicking anything, not even entering the site. So I rembembered that I had InterClues preview installed, and used that to look ahead on my behalf. Maybe this could be a good idea in general...?

User picture

hacked or not?

śro 27 sie 2008 08:37:08 UTC — logicman

On going to the root, there was no problem.

Putting in the path caused a redirect which landed up on another site -
security-scan-pc.com

AVG8 immediately reported a trojan, so I killed the sand-box.

I have been seeing a lot of innocent hacked sites lately, mostly
advertised in spam. There are a lot of rogue AV variants which
all exhibit much the same behaviour - showing a 'system scan'
whilst putting one or more trojans on the computer.

User picture

Thanks! I sent a msg to rollyo

sob 27 wrz 2008 21:30:50 UTC — Salila

Thanks to all the people who checked it out using Magic and Arcane Powers and explaining it all, even though I cannot claim to comprehend the fullness of nerdish nuances, I do understand that that page does indeed have a Bad Thing (TM).

I wish I could say I was relieved to know it was not just me being overly cautious, but I hate to think of all the people who don't have WOT or anything to protect them and are even more clueless than me. (yes, such a thing is possible. Stop smirking).

And I know lots of people will be googling Selene and going to that page because she is on a very popular TV show that is kind of new.

Copyright Against Intuition oczekujący patent