Trojan on x10hosting Support

Hauzer · Jun 7, 2009

Hi there,

I didn't know which category this would fit into but this is the best I could figure out.

While I was visiting the x10hosting support help desk (http://support.x10hosting.com) my Anti-Virus/Anti-Spyware protection appeared. I'm using Eset NOD32.

The trojan file:

Code:

http://********.com/update/doc.pdf

I've removed parts of the link to make sure no one clicks this link and downloads the file. This is a trojan file. This is the log Eset NOD32 generated for me:

Code:

07/06/2009 12:25:33    HTTP filter    file    http://********.com/update/doc.pdf    JS/Exploit.Pdfka.NCY trojan    connection terminated - quarantined    ESYS\*****    Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

Again parts of the link has been removed, also my name has been hidden.

Dan · Jun 7, 2009

Hi there,
/update/doc.pdf does not exist on the support.x10hosting.com domain.
Was it support.x10hosting.com that your antivirus software said it was on?

Hauzer · Jun 7, 2009

Hi there,

It didn't say it was on x10hosting but that was the only web site I had open while this occurred. I'm thinking a sort of a hidden iframe or something made this occur. I hidden the original domain with asterisks, it originally said "<removed>"

Thanks for your reply. Maybe it was a one-off or something similar. My computer doesn't seem infected.

leafypiggy · Jun 7, 2009

I've alerted some staff members, and they're working on it.

Jarryd · Jun 7, 2009

Thanks for posting the info, the staff will deal with it from here.

zubair12 · Jun 7, 2009

hmm good info for staff. but i am also using eset nod32. and my nod32 is not showing any problem.

Smith6612 · Jun 7, 2009

I ran a quick sweep of support.x10hosting.com using a Sand boxed IE8 for anything malicious and nothing had shown up here. Looking at the browsing logs of my Linux router while running a sweep, the router is showing the blocking of advertisements at support.x10hosting.com (three things being blocked every page load). Two of the lists are x10Hosting Ad Serving scripts, and one is of Adbrite. Now, within the past year or so there has been an increase of JavaScript and PDF exploits coming in via advertisements, so while x10Hosting's support service may not have malicious software on it, with 3rd party ad systems you have to be careful. You might actually be surprised to hear that Google's AdSence had gotten hacked a few months ago and ads were inserted into the service to deliver malware as well as ads for malware'd programs.

My suggestion to you is to disable any Adobe Reader plugins in your browser and install and use Ad-blocking software, as well as run Malwarebytes' Anti-Malware for safe checks. Here I'm blocking ads on the network level, so it would have to get past the router first before it even hits my PC. If I see it show up on my PC, it's typically blacklisted within a minute here.

zubair12 · Jun 7, 2009

yea i think thats a good idea smith!!!

Trojan on x10hosting Support

Hauzer

New Member

Dan

Active Member

Hauzer

New Member

leafypiggy

Manager of Pens and Office Supplies

Jarryd

Community Advocate

zubair12

Banned

Smith6612

I ate all of the x10Pizza

zubair12

Banned

Free Web Hosting

Our Community

Legal