Micronichetool reported attack site!??

13 replies
Just a moment ago I visited micronichetool dot com, knowing this site from newsletters from James J Jones to download the micronichefinder tool.

I got an email from JJJ before saying:
Bad new...
I just raised the price of my Micro Niche Finder software to $97.00. (it was $67)
There are links leading me to the "new" sales page for micronichefinder.

When I visited the original sales page, there is a reported attack site warning from google:

What happened when Google visited this site?
Of the 12 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-01-24, and the last time suspicious content was found on this site was on 2009-01-24.Malicious software includes 2 trojan(s). Successful infection resulted in an average of 1 new processes on the target machine.
Malicious software is hosted on 1 domain(s), including megatt.cn/.
This site was hosted on 1 network(s) including AS21844 (THEPLANET).
Anyone can confirm what's going on?
#attack #micronichetool #reported #site
  • Profile picture of the author Paul Myers
    Most likely scenario is a vulnerable PHP script that was exploited to crack the server and set up the drive-by download.

    I've emailed James about it.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[458384].message }}
  • Profile picture of the author GeorgR.
    MNF was what got my AW account suspended, i targeted his site and had an adgroup for MNF.

    I hope they re-instate my account, i deleted all MNF adgroups.

    I feel bad for James also.
    Signature
    *** Affiliate Site Quick --> The Fastest & Easiest Way to Make Affiliate Sites!<--
    -> VISIT www.1UP-SEO.com *** <- Internet Marketing, SEO Tips, Reviews & More!! ***
    *** HIGH QUALITY CONTENT CREATION +++ Manual Article Spinning (Thread Here) ***
    Content Creation, Blogging, Articles, Converting Sales Copy, Reviews, Ebooks, Rewrites
    {{ DiscussionBoard.errors[458484].message }}
    • Profile picture of the author Paul Myers
      I had to help a friend get rid of one of these things this weekend. Ugly process, as the thing was everywhere, and progressively disabled/hijacked her browser.

      These are the online creeps I would most like to see body-slammed into a bed of nails.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[458495].message }}
  • Profile picture of the author krishananda
    The site still has reported attack site, hope there's nothing serious going on, would be shame for a great tool to be reported like that.

    Anyone know exactly how a site can be in a state like that?
    {{ DiscussionBoard.errors[458756].message }}
    • Profile picture of the author hotlinkz
      Originally Posted by krishananda View Post

      The site still has reported attack site, hope there's nothing serious going on, would be shame for a great tool to be reported like that.

      Anyone know exactly how a site can be in a state like that?
      Bad or sloppy scripting can sometimes cause issues like this. There are "bots" that search the web looking for such scripting errors to exploit.
      Signature
      {{ DiscussionBoard.errors[458759].message }}
  • Profile picture of the author GeorgR.
    no, his site WAS attacked. I saw an entry on his blog where he said that his site got attacked. Needles to say i couldn't read the entire entry since Google blocked the site.
    Bad enough, it also affected myself since i promoted MNF via adwords and they suspended my AW account because of this! ("Your landing page contains malware...") <---

    I hope he got his site cleaned and i hope AW has some common sense and re-instates my account also.
    I can imagine what a horrible thing this must be for him.
    Signature
    *** Affiliate Site Quick --> The Fastest & Easiest Way to Make Affiliate Sites!<--
    -> VISIT www.1UP-SEO.com *** <- Internet Marketing, SEO Tips, Reviews & More!! ***
    *** HIGH QUALITY CONTENT CREATION +++ Manual Article Spinning (Thread Here) ***
    Content Creation, Blogging, Articles, Converting Sales Copy, Reviews, Ebooks, Rewrites
    {{ DiscussionBoard.errors[458768].message }}
    • Profile picture of the author krishananda
      Originally Posted by GeorgR. View Post

      no, his site WAS attacked. I saw an entry on his blog where he said that his site got attacked. Needles to say i couldn't read the entire entry since Google blocked the site.
      Bad enough, it also affected myself since i promoted MNF via adwords and they suspended my AW account because of this! ("Your landing page contains malware...") <---

      I hope he got his site cleaned and i hope AW has some common sense and re-instates my account also.
      I can imagine what a horrible thing this must be for him.
      Sorry to hear that GeorgR,

      From the explanation from google I assume the site was attacked, the scary side of competition, hope James do something about this later:

      What happened when Google visited this site?Of the 12 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-01-24, and the last time suspicious content was found on this site was on 2009-01-24.Malicious software includes 2 trojan(s). Successful infection resulted in an average of 1 new processes on the target machine.
      Malicious software is hosted on 1 domain(s), including megatt.cn/.
      This site was hosted on 1 network(s) including AS21844 (THEPLANET).
      {{ DiscussionBoard.errors[458785].message }}
  • Profile picture of the author James Jewett
    This was posted on the Micro Niche Finder Blog

    Quote-

    "Early morning on Saturday January 24th an attack was launched against the Micro Niche Finder main index page."

    "The perpetrator was able to successfully inject a virus into the index.html page that attempts to download a program onto a visitor's computer. If successfully installed on the user's computer, the program could intercept search results from the user's computer and display popup ads."

    "The malware was quickly discovered and removed from the page. The entire server was scanned, and no further infection was found. However, Google indexed the site while the malware was still active and is now displaying a warning message"

    "We have submitted a request to Google to re-evaluate and hope to have the warning message removed on the next re-index."

    "The cause of this problem is still being investigated and when we have more information we will share our findings on this blog. We regret this incident happened. However one good thing that will come out of this is we are planning on publishing a proactive solution that will show other webmasters how to keep this from happening to their websites in the future."

    "Please note that this was an html injection virus that only affected one page (the index.html page) on the Micro Niche Finder server. The Micro Niche Finder software and other pages on the site were not affected."

    -End of Quotes

    If you have the software you can click the link to the blog and read the complete post there.

    Jim
    {{ DiscussionBoard.errors[459789].message }}
    • Profile picture of the author krishananda
      Originally Posted by James Jewett View Post

      This was posted on the Micro Niche Finder Blog

      Quote-

      "Early morning on Saturday January 24th an attack was launched against the Micro Niche Finder main index page."

      "The perpetrator was able to successfully inject a virus into the index.html page that attempts to download a program onto a visitor's computer. If successfully installed on the user's computer, the program could intercept search results from the user's computer and display popup ads."

      "The malware was quickly discovered and removed from the page. The entire server was scanned, and no further infection was found. However, Google indexed the site while the malware was still active and is now displaying a warning message"

      "We have submitted a request to Google to re-evaluate and hope to have the warning message removed on the next re-index."

      "The cause of this problem is still being investigated and when we have more information we will share our findings on this blog. We regret this incident happened. However one good thing that will come out of this is we are planning on publishing a proactive solution that will show other webmasters how to keep this from happening to their websites in the future."

      "Please note that this was an html injection virus that only affected one page (the index.html page) on the Micro Niche Finder server. The Micro Niche Finder software and other pages on the site were not affected."

      -End of Quotes

      If you have the software you can click the link to the blog and read the complete post there.

      Jim
      Thanks for pointing out the reason for the reported attack site, Jim.
      I can't even go to the site and don't know where the blog is.
      {{ DiscussionBoard.errors[461888].message }}
      • Profile picture of the author James Jewett
        krishananda,

        I would give you the blog link, but as you can see I have only posted once.
        So I cannot post links or send pm to you at this point.
        If any Ideas let me Know.

        Jim
        {{ DiscussionBoard.errors[463090].message }}
  • Profile picture of the author krishananda
    No that's okay, I'll just have to wait for the site to be active again.
    I just received video link for micronichefinder, going to watch it now.

    Thanks Jim
    {{ DiscussionBoard.errors[464697].message }}
  • Profile picture of the author James Jewett
    Your Welcome, glad I could be of assistance krishananda.

    Jim
    {{ DiscussionBoard.errors[466403].message }}

Trending Topics