Seattle University School of Law Forum Website Exploited to Send Internet Users to Fake Porn at HOT-PORN-XTUBE.COM
TOKYO (MacHouse) - Several forum websites run by American colleges and universities have been exploited lately. For example, we reported several days ago that the forum website run by East Tennessee State University’s Quillen College of Medicine was exploited to send Internet users to a fake anti-virus scan website at http://scan.online-security-check.com.
 Screenshot 01 - Source: MacHouse |
 Screenshot 02 - Source: Seattle University School of Law |
 Screenshot 03 - Source: Seattle University School of Law |
For the past 36 hours or so, a confused individual behind an organized cyber criminal group is circulating spam comments around blogs and forums all over the world to advertise spam posts made at a forum website run by Seattle University School of Law. (Screenshot 01 shows one of the latest spam comments. Screenshot 02 shows the gate page of Seattle University School of Law’s website.) The forum website found at http://www.law.seattleu.edu/forums/ccls/ was not accessible yesterday. Now, it is. If you access it, you will find thousands of spam posts created by a familiar user named atolka. (See Screenshot 03.) It’s the same user name behind many forum website exploitation incidents. There are currently four topics. If you enter Robert C. Hinkley & the revised corporate code, you will find, again, familiar posts like Yugioh hentai, Youtube sex, Youth groups, Your porn and so forth. (See Screenshot 04.) If you click on any of them, you will be redirected to a relatively new fake PornTube website, which is hosted in Tampa, Florida, USA.
 Screenshot 04 - Source: Seattle University School of Law |
 Screenshot 05 - Source: hot-porn-xtube.com |
 Screenshot 06 - Source: WhoIs.Net |
The fake PornTube website in question can be found at http://hot-porn-xtube.com. (See Screenshot 05.) The domain itself is relatively new. It was registered in August 19. (See Screenshot 06.) Anyway, the index page of this fake PornTube contains sexually-oriented photo images including ones with possibly underaged girls. If you click on any of them, you will be forced to download a file titled codec.v.1.0.exe. (See Screenshot 07.) The file itself is hosted at a different website (http://soft-upagrade-archive.com). However, these two websites are run under the same web server.
 Screenshot 07 - Source: hot-porn-xtube.com |
 Screenshot 08 - Source: MacHouse |
 Screenshot 09 - Source: HiVelocity Hosting |
We don’t know exactly what codec.v.1.0.exe does. We used Sophos Anti-Virus to scan this file but found no malicious codes so far. Most likely, it contains a new form of malware driven by a Trojan Horse derivative.
The IP address of the web server hosting the Fake PornTube website at hot-porn-xtube.com is 66.232.126.193. We’ve seen this IP address as well. It belongs to Tampa/Florida-based web hosting company called Hivelocity Hosting. (Screenshot 09 shows its index page.) It’s the same web hosting company behind the fake PornTube website we found in conjunction with spam posts at Ngee Ann Polytechnic’s Teaching & Learning Centre.
We contacted Hivelocity Hosting in August 16 and notified that they were hosting a fake PornTube website. However, a company representative responded that they accept pornographic content.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
References:
East Tennessee State University Quillen College of Medicine’s Forums Exploited Possible to Distribute Malware
Two Websites Determined to Distribute Files Containing Trojan Horse Derivatives
Singapore’s Ngree Ann Polytechnic’s Website Exploited and Used As Redirection Point to Send Internet Users to Fake PornTube Website
Kuwait University’s Forums Flooded with Spam Comments Redirecting Internet Users to New Fake Anti-Virus Scan Website 02
Kuwait University’s Forums Flooded with Spam Comments Redirecting Internet Users to New Fake Anti-Virus Scan Website 01
Virginia Commonwealth University’s Partnership for People with Disabilities Exploited for Fake Malware Scan (2)
Virginia Commonwealth University’s Partnership for People with Disabilities Exploited for Fake Malware Scan (1)
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
Leave a Reply
You are prohibited from posting comments merely to advertise your website. Please read Rules and About This Blog at the top menu bar for more information.
Because of spam-comment criminals, we are forced to manually moderate every comment that you may post. Your comment will appear only after we review and then approve it. It will take us several hours at most to review it.
Please note that all one-sentence comments will be automatically rejected as an anti-spam measure.