desktopnexus.com has been hacked

Post Reply
alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

desktopnexus.com has been hacked

Post by alphacentauri » Fri Mar 11, 2011 8:04 pm

A friend of mine just got infected from a drive-by download on desktopnexus.com, a site that provides free desktop wallpaper and has a solid green reputation here. The file is called .UM*a%5BU(I)+-J.%5E%5B(,/,Y(%5E_---Z/Na-.-.,QYU(_K and is on the nature.desktopnexus.com subdomain

Guest

RE: desktopnexus.com has been hacked

Post by Guest » Fri Mar 11, 2011 8:15 pm

Thanks for the information AC :D Has someone mailed the website admin about this?

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: desktopnexus.com has been hacked

Post by c۞g » Fri Mar 11, 2011 8:31 pm

It would help to know the actual wallpaper URL
I've browsed a few with no signs of malice.

Was this wallpaper linked from elsewhere?
(infection from 3rd party domain)

alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

RE: desktopnexus.com has been hacked

Post by alphacentauri » Fri Mar 11, 2011 10:26 pm

No, my friend browsed to the main site from Google, then was checking various links, using Firefox but not Noscript. I wasn't sure if Noscript would block that ugly URL and I wasn't running in a VM, so I didn't try to find it. I looked at my friend's browser history, and that URL was an obvious standout. (Kudos to FF for not clearing the browser history when I did a system restore; I've never been able to reconstruct the source of one of these from IE.)

It loaded one of those fake AV programs. He probably clicked on something, as he was fooled into thinking it was a Windows system folder that had popped up.

I did send them information in their contact form.

alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

RE: desktopnexus.com has been hacked

Post by alphacentauri » Fri Mar 11, 2011 10:35 pm

Ok, I got more of the story. The site allows you to choose wallpapers. Apparently, instead of actually downloading them, you are subscribing to a service that loads them onto your computer. Not what I would sign up for, but that's how it works. Today, the wallpaper he had chosen was no longer appearing on his computer. So he went back to the site to get it again. He describes it as a hammock between two palm trees with mountains in the background. He also tried getting another image of a grass hut, but the wallpaper looked like the thumbnail was just being stretched on his desktop, with huge magnified pixels.

I'd be interested in knowing more about how this site actually works when it isn't downloading fake AV programs to know how much someone is opening their computer up to possible attack.

And he actually found it through Yahoo, not Google.

Satchman
Posts: 1163
Joined: Mon Dec 28, 2009 1:08 pm

RE: desktopnexus.com has been hacked

Post by Satchman » Fri Mar 11, 2011 10:53 pm

Thanks AC,

Have you or your friend done an update and full scan of your computer with your AV and any other malware removal programs you have? You should do that ASAP. And if you can, send the suspected file to your AV companies' virus lab, (There should be a way to do that in your AV program) Or find out at their website. The AV company will be able to hopefully write a definition for this virus/malware on the next update. Send them the file in a zip file format, with a message for them to test it..

Thank you for informing WOT of this malware.

Satch

LaserWraith
Posts: 35
Joined: Thu Mar 18, 2010 12:44 am

RE: desktopnexus.com has been hacked

Post by LaserWraith » Sat Mar 12, 2011 2:19 am

Also, uploading malware to VirusTotal is helpful: The samples are sent to most vendors that participate.

Figure10
Posts: 270
Joined: Sun Jun 20, 2010 9:46 pm

RE: desktopnexus.com has been hacked

Post by Figure10 » Sat Mar 12, 2011 2:47 am

I've used the site a few times. You can download wallpapers there without an account, (at least you could a few months ago when I used it..) The wallpaper stretching could be a service they had (again, a few months ago) that would make any wallpaper fit to your screen resolution. It was really useful. The image could have been small to begin with or perhaps the thumbnail got mixed up in place of the image.

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: desktopnexus.com has been hacked

Post by c۞g » Sat Mar 12, 2011 4:29 am

@ AlphaCentauri

The cached FF history URL would have been nice to see. :)

Visiting the site, though none of it's images appeal to me, I did set one as desktop background.
Windows saved the image (.jpg) in the proper folder; it was viewable offline.
No software is required to view / download / set as wallpaper.
So I'm confused as to how the image was no longer available from this website.
I'm also wondering if software is used, which is it and why would your friend need to Yahoo! a wallpaper site in attempt to recover it?

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests