Search Engine Optimization & Web Hosting Solution

TOKYO (MacHouse) - In our last article, we reported that the peudo-MP3 music website hosted at blogspot distributes a list of exploited websites hosted at major U.S. web hosting company PowWeb. Sorting the entire list of websites, what we found is a list of possibly exploited websites hosted at U.K. web host 34SP.com. The following list contains 148 domains, of which at least 130 of them are still hosted by 34SP.com. And at least two of them are currently under exploitation. (The domains shown in italic are possibly out of 34SP.com.)

1stattempt.co.uk (See Screenshot 04.)

3rock.net (See Screenshot 05.)

4webhelp.net (See Screenshot 06.)

6stchadsplace.com (See Screenshot 07.)

aardvarkelectronics.com.au (See Screenshot 08.)

aatplus.com (See Screenshot 09.)

aavo.org.uk

abcfoundation.org

abcourier.co.uk

abeggarsopera.co.uk => Expired or suspended

abooth.co.uk

academy-marquees.co.uk

acanthusgallery.co.uk

adaptaboard.co.uk

aerotek-aviation.co.uk

agapeministries.co.uk

aiborg.net

alisonjanegems.com

amazingfoodcompany.com

andrewstoddart.org.uk

andyseed.com

angelsoflight.co.uk

antonydunn.org

antonymicallef.com

arduramusic.com

arkprojects.co.uk

astonandsmithmortgages.co.uk

aubreymurphy.com

avrovulcan.org.uk

backdropstudio.com

bad-publicity.net

b-ameztoy.com

barnbarroch-pottery.com

barrowboating.co.uk => Unknown, possibly hosted at KDA Web Services, Ltd.

beebeedevelopments.co.uk

beradundee.org.uk

best-restaurant.co.uk

betterware-uk.co.uk => Unknown, possibly hosted at Host Europe or Pipex Internet Limited

birdbrooklees.co.uk => Unknown

blootoon.biz

bodycheckuk.com => Possibly ThePlanet.com or Host Gator

bookendsoffowey.com

bricktint.com => Unknown

buccsociety.com

buglebandcontest.co.uk

bulgarianrentals.com

bulletmovies.com

buydesigns.co.uk

byways.org.uk

cameronsonthegreen.com

camiselectrical.com => Unknown

camiselectronics.com => Unknown

camistools.com => Unknown

campana.lk

cannabisassembly.org

car-hire-van-rental.co.uk

catneyinns.co.uk

cb37.co.uk

centraleast-atc.org.uk

chakkarapani.com

chamberslimousines.com

chameleonic-design.com

chamira.com

charleshenleysolicitors.co.uk

cheeseontour.com

children-today.org.uk

chrisbekas.com

cinderhillequinevets.co.uk

claimsco.com

clarioneventsscotland.com

colmanconnolly.com

colwynbaycivicsociety.co.uk

contact-immobilier.ch

cornwalllupusgroup.org.uk => Expired or suspended

corporate-doctors.com

cossc.org.uk

crate20.co.uk

crn.ie

crocnaraw.co.uk

crowhurstandcompany.co.uk => Unknown, possibly hosted at Eclipse Internet

ctdslab.co.uk

cubacooperacion.com

cutekeepsakes.com

dalavichforestcabins.com

darc.org.uk

davewilliamsweekend.com

david-wishart.co.uk

dbgaming.co.uk

deanmoore.com

deshamilton.com

desksinternational.com

dfpt.co.uk

dhiravamsa.com

diaries-book.org

digitalcamerareviews.info

digitaloop.net

dkparrott.co.uk => Unknown, possibly still hosted at 34SP.com

dmsupplies.com

dmt.org.uk

dougfaircloth.com

dragonsoccer.net

dransfield.co.uk =>iomart plc

dundeecab.org

dustbinman.com

e2uk.co.uk

earthhistory.org.uk

earthpeace.co.uk

edistone.com

emmapyke.co.uk

empiricalcoaching.com

e-scorecards.com => Unknown, possibly Kraya Solutions

faceart.info

fethalandtours.com

finsbury-badminton.co.uk

fit4living.co.uk

footballdevelopment.com

forcewell.com

fredrikarff.com

freeict.com

frickers.co.uk

friendsforleather.co.uk =>uk fast

friendsofdogs.net

fulwoodchurch.co.uk

furnitureplus.org.uk

ghostlog.com

girlguidingsuffolk.org.uk

glasgowapartment.co.uk

glendalegeraniums.co.uk

goodmanlongshanks.com

gordonpowles.com => Unknown

goslinganimation.com

grahamgreener.com

3d-box-shot.com

safetydirectory.com

fluxmedia.de => Unknown, possibly still hosted at 34SP.com or at Host Europe

iowasailing.org

bremf.org.uk

jonathantatum.com

dface.co.uk

o2deals.co.uk

researchclinic.co.uk

policypointers.org

csensedesign.co.uk

meccsa.org.uk

martademenezes.com

blindkiss.com

threshold10.com

iasummit.org

Earlier this week, we obtained a list of websites that were exploited to redirect Internet users to the fake anti-virus scan website of antivirus-scanner.com where a computer virus known as Troj/Dwnldr-HDG awaits them. Some victimized websites are owned by academic institutes including Beacon University, Arizona State University and Flagler College. One exploited website is actually run by a Japanese web hosting company. What a poor company… This web hosting company’s website (cyberbb.com) is still under exploitation.

Screenshot 01 - Source: 34SP.COM

Screenshot 02 - Source: Rackspace Hosting

Screenshot 03 - Source: MacHouse

And some other websites are either hosted by 34SP.com Ltd (See Screenshot 01.) or Rackspace Managed Hosting (See Screenshot 02.) . We don’t know the exact relationship between these two web hosting companies. Running a trace route search on ns.34sp.com takes us to the website of 34SP.com Ltd while running a trace route search on ns2.34sp.com takes us to the website of Rackspace Managed Hosting.

Screenshot 04 - Source: MacHouse

Screenshot 05 - Source: MacHouse

Screenshot 06 - Source: MacHouse

Screenshot 07 - Source: MacHouse

Screenshot 08 - Source: MacHouse

Screenshot 09 - Source: MacHouse

We don’t check the exploitation history of every website in the list above. We know that at least a couple of them including the websites of o2deals.co.uk and meccsa.org.uk are still under exploitation and redirect Internet users to the fake anti-virus scan website. At least one website in the list is so far free of redirection thanks to our kind notification.

We don’t know exactly how they exploited all or some of the websites in the list above. What we know is that they did not use the SQL injection in some of the victimized websites. Shown in Screenshot 03 is a simple PHP file obtained from one of the victimized websites. Again, the referrer matters. So, depending on where you originate, you might not be redirected to the fake anti-virus scan website.

What can the webmaster do if his or her website is in the exploitation list? We have listed up some security tips. Click here for more information.






References:

Exploitation List of 110+ Websites Hosted at PowWeb
The Official Website of British Band Camera Obscura Exploited for Fake Anti-Virus Scan
Warning: Fake Anti-Virus Scan and Common Characteristics Among 4 of Victimized Websites
Sitemap Hack, ANTIVIRUS-SCANNER.COM Invading At Least 10 Websites Including Arizona State University’s Site
ANTIVIRUS-SCANNER.COM and Troj/Dwnldr-HDG
Warning: A New Hack Scheme Discovered Involving Anti-Virus Scan Website

********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?