July 18th, 2008
Uncategorized
Looks like Google finally cleaned up the GrandCentral blog. I have also contacted all of the hacked sites I could find, but sadly only one of them has cleaned their site up at this time.
Oh well, hopefully they will get it over the weekend.
July 18th, 2008
Hacked
As said last night, if GrandCentral was still hacked in the morning, I was going to contact the hacked sites myself and give instructions on what they should do to rectify the situation.
Below is the email I am sending to hacked sites:
Web site Owner,
It appears that your blog has been hacked to display content about pharmaceutical drugs and online pharmacies. These links are then spammed on various sites, including Google’s GrandCentral blog.
An example link on your site where you can see the hacked content is:
http://example.com/?id=1
I suggest you disable your site, look over your code, and determine where they have hacked your files. From what I can tell, it appears that your index.php has been compromised, but I suggest removing the entire blogging software and installing the latest one to be safe as you may never know if other files were modified.
As your URL has been compromised to be used in spamming other sites, I also suggest you contact Google and the other search engines so they do not penalize your site. You can do this on Google by logging into the WebMaster console and submitting a reinclusion request. In the request explain what happened and how your site was actually being spammed on the GrandCentral blog. Only file this request when your site has been fixed. For more info you may want to read this article:
http://www.mattcutts.com/blog/helping-hacked-sites/
For more information on how we discovered this hack, you can read this blog article:
http://www.pcbugsquad.com/2008/07/googles-grandcentral-blog-has-been-hacked/
Hope this helps and please feel free to contact me if you need help.
–
John
http://www.PCBugSquad.com
I will keep everyone updated as we go.
July 17th, 2008
Hacked
It has been over 24 hours since we blogged about how the blog for GrandCentral.com was hacked and since we reported it to Google security, but the spam links are still in the blog’s style. What’s going on, Google? You have made such a huge stance on search engine spam, yet you allow it to continue being propagated by sites under your own control.
If the site is still showing the links tomorrow, I will take it upon myself to try and contact the site owners that were hacked and see if we can get those links taken down. I would prefer Google do it, as they have more clout, but if it’s not going to get done, I will do it.
July 17th, 2008
Malware Removal Guide, Rogue Anti-Spyware, Trojan
The USS.exe Trojan is an executable that gets installed on your computer along with other malware. This infection will also install a service called wasfsd that uses the filename C:\Windows\System32\drivers\System32. When running, this Trojan will display fake alerts that state your computer is being attacked or is infected with particular infections. It will then ask if you would like to block or fix these infections, and if you specify yes, will open up an Internet Explorer window where it prompts you to buy Trusted Antivirus.
July 17th, 2008
Malware Removal Guide, Rogue Anti-Spyware
InternetSecurityDeluxe is a very deceptive and misleading anti-spyware program. It proclaims that it is a top pick of some made-up magazines and had high reviews on sites that don’t have any listing of this. Then when you run the software, it states you have infections but will not tell you what they are. To remove these infections, you would then have to purchase the software.
July 17th, 2008
Malware Removal Guide, Rogue Anti-Spyware
AntiSpyCheck works just like all of the rest. It scans your computer, displays fake findings, and then asks you to purchase it before you can remove anything. To make matters worse, its constant registration requests can bring your computer to a crawl.
July 16th, 2008
Rogue Anti-Spyware
AntiSpyware 2008 is a fake anti-spyware program that tries to scam you into purchasing the software by showing misleading results. When the program runs, it will scan your computer and AntiSpyware 2008 will state that you have infections on your computer. These infections, though, do not exist at all anywhere on your computer.
July 16th, 2008
Hacked
GrandCentral is a company, purchased by Google in 2007, that assigns a phone number that allows you to be reached wherever you are by redirecting your calls to other phones of your choice. Yesterday, when browsing their blog I noticed a large swathe of empty space at the bottom and found this to be a [...]
July 15th, 2008
Malware Removal Guide, Rogue Anti-Spyware
Antivirus Master is a new rogue anti-spyware program that is a master of nothing. This program proclaims itself as a master of removing malware from your computer. In reality, though, this program is the actual infection. When Antivirus Master scans your computer it will list infections that do not exist. Then, in order to remove these infections, you must first purchase the software. As we did not purchase it, I am sure once it was purchased those threats would immediately be gone.
July 9th, 2008
Malware Removal Guide, Rogue Anti-Spyware
PCTotalDefender is a new rogue anti-spyware program that displays fake information in order to scare you into purchasing the program. This program is typically advertised through sites that pretend to be scanning your computer. In reality they are just advertisements trying to trick you into purchasing the program. It is suggested that you remove this infection as it is known to slow down your computer and display popups for other rogue anti-spyware programs.