Thread: Google saying BlackBerryCool is harmful?
View Single Post
  (#12 (permalink)) Old
daphne Offline
BBF Spam Killer Moderator
 
daphne's Avatar
 
Posts: 6,313
Join Date: May 2007
Location: on a sunny beach
Model: 9630
OS: 4.7.1.40
PIN: 11001100
Carrier: Verizon - It's the Network
Default 04-16-2008, 05:53 PM
No offense, but it really is not funny. There is no humor in having a site hacked, or getting infected from visiting a hacked site. I'm sure the site owners won't think it's funny to have to shut down their sites while it gets cleaned up and patched.

The German blog has the same probem. See these Google results for the Chinese IP address.

61.155.8.157 - Google Search

Somehow iframes with links to a URL on that IP address have been injected on the Blackberrycool.com and the blog pages. The hidden iframe goes to the malicious URL where an obfuscated javascript exploit loads the malware file. I will have more info on it later. I'm trying to contact the owner of blackberrycool and will have a German malware researcher I know try to contact the blog owner.

It's possible the exploit doesn't work on fully patched PCs, but I wouldn't risk it. The exploit definitely works on my Windows XP totally unpatched virtual machine.
   
Reply With Quote