Tuesday, July 29, 2008

Attack Sites.

I have come across very strange events during the last two days. Yesterday, Google Diagnostics advised me that http://www.pf-armenia.org/, Policy Forum Armenia, was an attack site and advised me not to go there.

Today, blog.oneworld.com, Armenia and the South Caucasus Knot, was similarly flagged.

What's going on? As far as I am concerned, these two sites are legitimate and their authors are not after stealing personal data or installing malware on the users' computers.

Update: Onnik informs that blog.oneworld.am was not infected. There were a few hacked files on the oneworld.am domain that have since been cleaned up. More information is available at http://517design.livejournal.com/262008.html.

8 comments:

Ani said...

I saw that as well, I think yesterday--and I am 99.9999% sure that Onnik is not a threat ;)

There's been something going on with Russian hackers in Georgia, maybe it has somehow spilled over since he has Georgia in his blog? Anyway, hope it's fixed quickly!

http://www.informationweek.com/news/security/
cybercrime/showArticle.jhtml?articleID=209400218

Anonymous said...

i got the same thing when going to the Policy Forum Armenia site. hackers, but don't know how to address with google...

Anonymous said...

PFA's website has been hacked after we posted the Election Report. Attempts to fight the virus have so far not been successful. We are working on it though. Please don't give up on us and stay tuned for the Armenian version of the Report. PFA Admin

Anonymous said...

when visiting the pf-forum site my antivirus (Symantec) detects the following:

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2007-100915-0239-99

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-062316-3633-99

Please ask your hosting company (BAREFRUIT LTD) to virus scan your directories. It is possible you uploaded an infected file.

Anonymous said...

Hi Nazarian,

Yeah, it looks like someone hacked oneworld.am (but not blog.oneworld.am) and added malicious javascript code to some of my files which linked to a malware russian site.

Not sure who did it or why, but I hope now I've cleared the code from oneworld.am (blog.oneworld.am was always 100 percent safe) I hope Google will change the warning.

Anonymous said...

More info at:
http://517design.livejournal.com/262008.html

Ankakh_Hayastan said...

Onnik,

thanks for the update.

Anonymous said...

Thanks to Google for removing the warning on their search pages. They were quick to reassess my site after the problem became evident.

http://www.google.com/safebrowsing/diagnostic?site=http://www.oneworld.am

Apologies to all who might have been concerned by the warning. Again, I am still unsure as to how the malicious code was inserted and more importantly, who was responsible.

PFA Site is still listed as suspicious and I would recommend them to take a look at Google's analysis in order to rectify the problem.

http://www.google.com/safebrowsing/diagnostic?site=http://www.pf-armenia.org/