FMA Intel-Secure home page attacked by ransomware??

[Nico@FMA]

Is this a freaking joke? I get a call at home from OVH technical staff that some script is bashing my site?
Really? dulesky.0pu .ru
Seems some server has randsomware on it and tries to inject it in my site? For some odd reason i cannot look up server side (guess the script blocks it to avoid me finding out who or what so maybe one of you guys can do a trace and post me the details.

Be carefull..

Cheers

 

[Petrovic]

 

[Nico@FMA]

Thats russian or so... please english..

 

[BoraMurdar]

 

[Nico@FMA]

LOL thats my own server you are tracing.
This is the attacker: dulesky.0pu .ru
And this is MY site: http://fma-is.com

 

[BoraMurdar]

LOL thats my own server you are tracing.
This is the attacker: http://dulesky.0pu.ru
And this is MY site: http://fma-is.com

Ah didn't understand what do you want
Sorry

 

[Secondmineboy]

Tracert the attacker.

 

[Malware1]

hxxp://dulesky.0pu.ru/ hosts Pony stealer, i'll add it to CyberTracker.

 

[Malware1]

@Roxas seems to be the owner of this site. Tiranium staff...

hxxp://dulesky.0pu.ru/ransom.html

Xehanort is his ransomware.

"Test Bypassing" - so still developing it ?

 

[Nico@FMA]

http://dulesky.0pu.ru/ hosts Pony stealer, i'll add it to CyberTracker.

Thanks.

I have already blocked host & ip & domain using server side firewall, session, cookie and .htaccess
Also i have blacklisted the domain at malicious URL reporter (security feature by OVH if a site tries to hack it will be blacklisted world wide)
So it will not take long before google will block it as well.

Pony is a credential stealer and is also used to install banking Trojans such as Zeus. Pony is typically installed onto a computer via a malicious website.

 

[Secondmineboy]

@Roxas seems to be the owner of this site. Tiranium staff...

No comment on that. Why should he host such a website

VT: https://www.virustotal.com/en/url/4...960af0af57809ada6f0b8e51/analysis/1412523055/

Google: http://www.google.com/safebrowsing/diagnostic?site=dulesky.0pu.ru

McAfee: http://www.siteadvisor.com/sites/dulesky.0pu.ru

Norton: http://safeweb.norton.com/report/show?url=dulesky.0pu.ru

 

[Malware1]

No comment on that. Why should he host such a website

VT: https://www.virustotal.com/en/url/4...960af0af57809ada6f0b8e51/analysis/1412523055/

Because he's a malware writer. I've edited my previous post.

 

[Secondmineboy]

Theyre working on a web blocking feature, so maybe it has something to do with it.

Sucuri: http://sitecheck.sucuri.net/results/dulesky.0pu.ru

Take a look on Website details

 

[Malware1]

Theyre working on a web blocking feature, so maybe it has something to do with it.

Then why Pony is installed there? And there's some page related to Xehanort ransomware.

 

[Secondmineboy]

List of Links Found
.quarantine/
.tmb/
Pony/
_file-manager/
download.html
ransom.html

 

[Nico@FMA]

Theyre working on a web blocking feature, so maybe it has something to do with it.

Sucuri: http://sitecheck.sucuri.net/results/dulesky.0pu.ru

Take a look on Website details

Lol this sitecheck.securi.net even classes my website as malicious and says i got 404javascript.js on my site which rewrites the .htaccess file.
Really? Lol you got to be kidding me right?
Thats the biggest joke in history.

 

[Malware1]

@Roxas, I see you're reading the topic, now I get a forbidden error.

 

[Secondmineboy]

Account unavailable for me.

Roxas was last seen 3.11 PM for me.

 

[Malware1]

Account unavailable for me.

@Roxas, I see you're reading the topic, now I get a forbidden error.

 

[Malware1]

Roxas was last seen 3.11 PM for me.

Maybe he didn't login to his account. Or that isn't Roxas, but someone else using Xehanort.
That's strange anyway, the site isn't available since I posted in this topic.