Jump to content

SquareSpace among thousands of hacked websites that are infecting visitors with malware

MyNameIsNicola
 Share
Posted

 

Quote

 

Thousands of hacked websites have become unwitting participants in an advanced scheme that uses fake update notifications to install banking malware and remote access trojans on visitors' computers, a computer researcher said Tuesday.

The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace.

 

 

WWW: https://nicolaw.uk   CASE: Supermicro SuperChassis 847A-R1400LPB   MBSupermicro X9DRH-IF   CPU2x Intel® Xeon® CPU E5-2603 v2 @ 1.80GHz   RAM: 80GB ECC DDR3 1333   NICIntel E10G42BFSR X520-SR2   HBA: 5x LSI 9211-8i 6GB/s SAS HBA 'IT' Firmware   HDD/SSD2x 120GB Kingston SV300S37A120G SSD 2x 500GB Samsung 850 EVO SSD 8x 8TB Seagate ST8000AS0002-1NA17Z 21x 3TB Hitachi HGST HDN724030ALE640 4x 4TB Hitachi HGST HDS724040ALE640 3x 3TB Western Digital Red WDC WD30EFRX-68AX9N0

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
Just now, Rune said:

Eh, .js files should be a giveaway in any download. Anyone that falls for it probably earned it.

I'm pretty sure the PC user base is far larger than the number of people who know what a file extension is.

It's like saying people scammed by fake police officers deserve it, because the actual police uniform in the city they were at is a different shade of dark blue...

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Linus looking at his sponsors over the past few months :

 

Image result for shit gif

PC - NZXT H510 Elite, Ryzen 5600, 16GB DDR3200 2x8GB, EVGA 3070 FTW3 Ultra, Asus VG278HQ 165hz,

 

Mac - 1.4ghz i5, 4GB DDR3 1600mhz, Intel HD 5000.  x2

 

Endlessly wishing for a BBQ in space.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

This hurts, it hurts deep. I can just imagine all the people thinking they just updated their browser and get a bank statement in the mail :/

Insanity is not the absence of sanity, but the willingness to ignore it for a purpose. Chaos is the result of this choice. I relish in both.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

It's time for alternatives!

 

Let me recommend you... Maxthon Cloud Browser! Compatible with a large amount of websites and formats, blocks all ads, etc, great browser to use. Includes a content snooper or whatever the name is, so you can download all your favourite youtube (and p0rn) videos without the need of an extra tool!

 

Also includes built in Passkeeper to securely store and fill all your passwords (and give them to china directly, double win), Maxnotes (similar to notepad) & UUMail (virtual mail inbox).

 

Download it here for free and save yourself a bunch of headaches, as most scummy sites won't work properly on there xD:  http://www.maxthon.com/index.php

 

Available for Windows, MacOS, Linux, iOS & Android.

 

yes it's a chinese browser so probably china gonna spy on yo ass.

 

Need to build a new website? 

 

Let me show you... Weebly! Easy drag and drop, free for personnal sites, rather cheap if you take longterm plans with their pro plan. 216$ for 2 years of pro which gives you access to all features needed in a modern website! All the plans (even free!) include a certificate for safe connection (the green lock), free 1 year domain on all plans (except free) & adsense credit. You can have a website up and running in 5 minutes by using their templates. Know HTML and CSS? Perfect, you can customize even more your website with the code editor!

 

Try it here for free: https://www.weebly.com/

 

Check their pricings here: https://www.weebly.com/pricing?lang=en

 

ps: yes i'm actually serious here ^_^

 

edit: kinda copied squarespace talking points :P

edit2: more talking points for maxthon, lel

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
33 minutes ago, Rune said:

Eh, .js files should be a giveaway in any download. Anyone that falls for it probably earned it.

Seeing how squarespace is designed for non-technical people to easily create a website for their business, I can tell you they didnt deserve it. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

So is this a have within Square Space itself it just a variety of subdomains? I hope Linus can address this and provider some insight and make us feel happier...

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

They should have installed the protection of tunnelbear. I mean McAfee.

 

Intel Xeon E5 1650 v3 @ 3.5GHz 6C:12T / CM212 Evo / Asus X99 Deluxe / 16GB (4x4GB) DDR4 3000 Trident-Z / Samsung 850 Pro 256GB / Intel 335 240GB / WD Red 2 & 3TB / Antec 850w / RTX 2070 / Win10 Pro x64

HP Envy X360 15: Intel Core i5 8250U @ 1.6GHz 4C:8T / 8GB DDR4 / Intel UHD620 + Nvidia GeForce MX150 4GB / Intel 120GB SSD / Win10 Pro x64

 

HP Envy x360 BP series Intel 8th gen

AMD ThreadRipper 2!

5820K & 6800K 3-way SLI mobo support list

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Squarespace. Like geocities, except not fun.

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I'm confused. Did they compromise squarespace as a whole or individual accounts due to shoddy security?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, HalGameGuru said:

I'm confused. Did they compromise squarespace as a whole or individual accounts due to shoddy security?

Same here, I know WordPress have server side hosting and a package for those that want to get their own server and it didn't state any of that in the article 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×