Feb 20 2008

Taiwan’s Nautica Retailer Pwn3d

Published by at 9:16 pm under Hacking for money, Taiwan

The Nautica clothing site in the Republic of China has been compromised by a malicious iframe that redirects to very well-known rogue anti-spyware pushers often associated with the Russian Business Network.  If the site is searched on Google, the index listing indicates that “This site may harm your computer”.

[Image: Google index of Nautica TW]

So naturally, the first thing I do is check it out.  


I was a little bit disappointed that all I found was an iframe redirect to meoryprof.info which 302's to spywaresafe.net, which refused my connection. Initially I thought it was because I was using wget, so I passed a valid-looking IE user-agent string to it and was still refused. Google's cache only shows the text "sl0n" on the site. Not very effective malware, I guess. Most of these fake anti-spyware programs don't use packers, debugger detection or any anti-RE techniques. I have about 40 or so different versions of this type of malware.
