Could someone with Linux tell me what Exploit Google is seeing on this site? [See Details].
Asked by ETpro (34605) July 8th, 2012
The owner of this site had already retained me to give his site a makeover and move it to the Yahoo! Merchant Solutions platform. Today, his site suddenly began showing a warning that there is malware hosted there that might pose a threat to site visitors. Here’s the Google warning. http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.spacetoys.com/
Please, don’t anyone visit the site unless you are certain you know how to do so safely. I’m reluctant to jump in there with a Windows-based system. If you have Linux that’s fully up to date and well insulated by a safe router and current AV software, could you hit http://www.spacetoys.com/ and tell me what Google is seeing?
Thanks.
6 Answers
No error from Google. Image
I did curl the site and Little Snitch tossed up something odd.
And I zipped up a good chunk of the site’s source for you to look through if you want. It is here.
Okay, odd. Every few times I try to load the page it hangs trying to connect to a site with a crazy URL. Screenshot here.
It is intermittent. Maybe one out of every ten tries. I googled the URL but didn’t come up with any results. I also grepped the source and couldn’t find a reference to the URL.
OK, I was able to nail it. It’s a Mass Injection exploit using JavaScript. See here.
Thanks so much for the help. I don’t have FTP access, so the server admin will need to delete it.
javascript/common.js
javascript/cart/js
Both are infected with Exploit Blackhole Exploit Kit (type 2170) according to AVG.
@johnpowell & @elbanditoroso Thanks so much for the help. I have passed all the advice on to the fellow currently running the hosting service.