Malware on a vendor website

Status
Not open for further replies.

cromag27
I will not, if you would like to start your own thread with the information please do so. I just based this on speculation. I sent you a message of the site and where the code is.

that’s the issue. speculating and assuming can be very damaging. i’m just saying, either call out @AquaSD by name or do some more investigating before you post about it, to ensure you’re not making false statements. that’s all.
 

Jeeperz
that’s the issue. speculating and assuming can be very damaging. i’m just saying, either call out @AquaSD by name or do some more investigating before you post about it, to ensure you’re not making false statements. that’s all.
That's the thing, revhtree is trying to deal with it before outing a vendor. Let the mods do their thing.
 

lmm1967
There are more false positives (and threats you don't even know exist yet) floating around than there are actual compromised sites / threats.

I hope a disclosure has been provided to the vendor - if there has been and they are ignoring it - expose them. If they are cooperative and working on it - give them the space to do so.

And remember - your data has been compromised - if you think you haven't been - you simply don't know it yet.
 

cromag27
That's the thing, revhtree is trying to deal with it before outing a vendor. Let the mods do their thing.

i agree. if there wasn’t sufficient evidence to begin with, no need to make anything public. otherwise it’s obvious tons of people will want to know the vendor. which is exactly what happened. reverse logic here.
 

NanoDJS
The OP was just trying to protect the community, I respect that. He saw it and said something without trying to "out" the site, like was discussed. I confirmed his suspicion privately and now the mods are dealing with it at this point I'm sure. That being said, be thankful somebody cared enough to warn you. It's been happening a REALLY long time, I can't believe NOBODY but the OP and myself even knew ..... c'mon that's pathetic, to all the people who were wondering what antivirus to use, I would strongly suggest ESET NOD 32, as was mentioned. It is the end user's responsibility to protect their electronic communication, period. Don't let your nuts drag out there folks. An ounce of prevention is worth a pound of cure, correct.
 
aqua_code (OP)
The script appears to search for and copy data from your local hard drive and send it to a remote location. Just briefly looking at the attack matrix below, it doesn't look good even if it is a false positive. I wouldn't want a script utilizing process injection, security software discovery, and remote file copy processes when I was browsing for corals.
[Image: attack matrix screenshot (1583198078822.png)]

It looks to me like the JavaScript utilizes a remote domain sending JSON through a "/optout/set/lt" URL. A similar type of malware appears in WordPress sites and appears in this Stack Overflow:


My guess is they are using an old or outdated Shopify theme or plugin and it was compromised somehow like earlier posters were saying. I do not think the vendor is aware of the issue, or how to properly fix it. It's not my intention to bash any vendor and I do my research before posting anything, especially web development related.
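
Added example, not part of the original post or thread: one way to triage a saved copy of a page for what the post describes, without loading it in a browser. It lists script tags served from hosts other than the page's own and every source line that mentions the "/optout/set/lt" path; the sample markup, the hostnames and the `auditPage` name are constructed for illustration.

```javascript
// Added example (not from the thread): offline triage of a saved page copy.
const INDICATOR = "/optout/set/lt"; // URL path quoted in the post above

// Constructed sample markup; every hostname here is a placeholder.
const SAMPLE_HTML = [
  '<html><head>',
  '<script src="/assets/theme.js"></script>',
  '<script src="https://cdn.shop-assets.example/vendor.js" integrity="sha384-AAAA"></script>',
  '<script src="//stats.tracker.example/t.js"></script>',
  '<script>',
  '  var endpoint = "https://collect.unknown.example/optout/set/lt";',
  '</script>',
  '</head><body></body></html>',
].join("\n");

// Returns script hosts that differ from the page's own host (and whether each
// tag carries a Subresource Integrity attribute), plus every source line
// that mentions the indicator path.
function auditPage(html, pageUrl) {
  const page = new URL(pageUrl);
  const report = { thirdPartyScripts: [], indicatorLines: [] };
  const scriptTag = /<script\b([^>]*)>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script: covered by the line scan below
    const url = new URL(src[1], page); // resolves relative and "//host" forms
    if (url.host !== page.host) {
      report.thirdPartyScripts.push({
        host: url.host,
        hasIntegrity: /\bintegrity\s*=/i.test(m[1]),
      });
    }
  }
  html.split("\n").forEach((line, i) => {
    if (line.includes(INDICATOR)) {
      report.indicatorLines.push({ line: i + 1, text: line.trim() });
    }
  });
  return report;
}

const sampleReport = auditPage(SAMPLE_HTML, "https://shop.example/");
console.log(JSON.stringify(sampleReport, null, 2));
```

A hit on the path alone does not prove compromise; it marks the lines worth handing to the site owner or moderators for review.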
 

MnFish1
If the mods want to take over this thread and post the site I am happy to step away from it. If you would like to know privately please PM me and I will respond pretty quickly.
Maybe that is a good idea. I have had numerous 'false alarms' with antivirus programs - or my misinterpretation of them - if you don't want to post the vendor - that's fine - but - you've done what you needed to do, let the site people determine the next step (in my humble opinion)
 

JKenny
aqua_code,

Can you please email me the site? I would like to see if my existing Bitdefender will flag the trouble.

You're a gentleman...
 

Anirban
aqua_code,

Can you please email me the site? I would like to see if my existing Bitdefender will flag the trouble.

You're a gentleman...
Bitdefender will flag the trouble if it's an updated version. Mine did every time I opened their pages during sale.
 

Wolf89
aqua_code,

Can you please email me the site? I would like to see if my existing Bitdefender will flag the trouble.

You're a gentleman...
Can someone PM me the details? I had an unauthorized use of my card last night after shopping around on a few sites. Not sure if related.
Please PM me too, OP!
Please PM me also.
The vendor has been identified in a previous post.
 

IAReefer
The vendor has been identified in a previous post.
Instead of digging through 60 posts, can you identify? They shouldn’t be a sponsored vendor if they’re infecting members’ PCs/computers, and should be called out
 

Silver14SS
Instead of digging through 60 posts, can you identify? They shouldn’t be a sponsored vendor if they’re infecting members’ PCs/computers, and should be called out

Post #41 on this page names the vendor - AquaSD

 

robbyg
Listening to the OP I can tell that he knows what he is talking about. Now that the name is posted I hope nobody is thinking of going there to check if their AV software is going to go off LOL :p.
I use ESET and it is not cheap, but they update the signature DB at least once per day if not more.
Five years and it's caught everything. I check my running Processes from time to time and so far all the files check out.
 