Ben Pease

macrumors newbie
Original poster
Aug 26, 2005
While I was browsing another forum, a person had a link in their sig and it said something like "my new favorite website". So I'll take a look-see I thought to myself and I clicked on it. It was some virus, hacker website. Pop-ups all over the place of a shock image that I think is called "pillowfight". It was also automatically opening various applications and trying to send multiple emails to "jesuitx@gnaa.us", among other things. I force quit applications (It's amazing I even know how to) as soon as I realized what was happening. I then reset Safari.

The site itself is "thankless.net". A Google search for it lists only itself, the title of which is "lolastmeasure by abortion". I found that the "jesuitx" name is mentioned in an article on Wikipedia describing GNAA though: GNAA. Troll hackers.

Please keep in mind that I'm a novice with computers. I've got a PowerBook G4 with OS X. Can anybody give me advice on my situation? Is my laptop infected? What course of action should I take now?
 
Ha! That was pretty funny. I visited the site. I'm not scared.

Ok, for one thing I have some Safari helpers installed, so it probably did some crazier things to you than it did to me, but don't worry.

There are no viruses for Mac OS X. Your computer should be fine. Have you noticed anything odd with how your computer has been behaving since visiting?
 
holy crap, I didn't think that was possible, but sure enough, I went to that page and my Mac went nuts. Opened Adium, Mail, tried to mail some random people, opened Skype too. Weird...how can that happen?
 
I'll go back and try to look at the source code. It didn't do anything to me but try to open a few pop-ups (which can only open in tabs for me) and a voice kept repeating "I'm looking at gay porn"
 
That site was messed up!!

MacAztec said:
holy crap, I didn't think that was possible, but sure enough, I went to that page and my Mac went nuts. Opened Adium, Mail, tried to mail some random people, opened Skype too. Weird...how can that happen?
I know what you mean. Too many explicit pictures on that site. It opened up Terminal and was trying to connect to a server, iChat opened. Though my mail program didn't do anything. Whoever made that site needs to be taken out and shot!!

Nuc

edit: this would be a great website to send someone you hate at work!! :D
 
Here's the source code of the website, looks like JavaScript and Flash

I don't think I know enough about web coding to tell exactly what's going on with it, maybe somebody else can explain.

<html>
<head>
<title>lolastmeasure by abortion</title>
<script src='lol.js' type='text/javascript'></script>
<link href='style.css' rel='stylesheet' type='text/css' />
</head>
<body onload="setTimeout('spawncreate()',100)">
<script type="text/javascript">
function spawncreate() {
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
}
setTimeout("spawncreate()", 100);
spawncreate()</script>
<table>
<tr><td valign="middle">
<div>
<a href="http://www.gnaa.us/"><img src="images/gnaa.png" alt='gnaa logo' /></a>
<br/><br/>
<a href="http://www.gnauk.co.uk" title="Gay ****** Association">GNAUK</a>
<embed src='http://www.thankless.net//flash/second_opener.swf' type='application/x-shockwave-flash'></embed>
<embed src='http://www.thankless.net//flash/second_opener.swf' type='application/x-shockwave-flash'></embed>
<embed src='http://www.thankless.net//flash/second_opener.swf' type='application/x-shockwave-flash'></embed>
<embed src='http://www.thankless.net//flash/hey.swf'></embed>
</div>
</td></tr>
</table>
</body>
</html>
 
WTF, those images were not right. I had fun beating the spawn in new pages in Safari :D Although no apps opened for me, I guess I did not allow it to go for long.

What I don't get is the code that opens the apps designed for Mac OS X?
 
Heb1228 said:
Have you noticed anything odd with how your computer has been behaving since visiting?

It seems fine, thankfully not crashing and such. Thanks for the help guys.
 
Heb1228 said:
Here's the source code of the website, looks like JavaScript and Flash

I don't think I know enough about web coding to tell exactly what's going on with it, maybe somebody else can explain.
It's calling to an external JavaScript file (lol.js). Open that file in your browser and you will see the JavaScript code.
 
Well, that was annoying. Fortunately, my Indigo iBook 366 is so slow that I could close the windows as fast as they popped up... :eyeroll:

All it is doing is sending your browser links like telnet://slashdot.org/ and callto://whatever/ and mailto://whatever@whereever/ ... nothing complicated or even all that intelligent. It's not a "vulnerability" and it's not something that can really be fixed without removing all the integration that we Mac users know and love.

Even though I really wish that they'd fix the Flash method of circumventing pop-up blockers...
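
The behaviour described in the post above, turned into a check that can be run over a saved copy of a page (an added example, not part of the original thread and not the site's own code): it lists links whose scheme the browser hands to another application and counts window-opening calls. The sample input is constructed from the URLs quoted in the thread; `triage`, the scheme sets and the popup threshold are assumptions.

```javascript
// Added example: static triage of saved page source for the two behaviours
// discussed in this thread (app-launching links and a popup flood).
const IN_BROWSER = new Set(["http", "https", "about", "data", "blob", "javascript"]);
// Schemes normally written without "//" that still launch another program.
const NO_SLASH = new Set(["mailto", "callto", "tel", "sms"]);
const URL_RE = /\b([a-z][a-z0-9+.-]*):(\/\/)?[^\s"'<>]+/gi;
// openWindow is the helper name used in the posted source; window.open is the DOM call.
const POPUP_RE = /\b(?:window\.open|openWindow)\s*\(/g;

function triage(source, popupLimit = 2) { // popupLimit: assumed threshold
  const handoffs = {};
  for (const m of source.matchAll(URL_RE)) {
    const scheme = m[1].toLowerCase();
    if (IN_BROWSER.has(scheme)) continue; // rendered by the browser itself
    // Skip script fragments such as "a:1" that only look like a scheme.
    if (m[2] !== "//" && !NO_SLASH.has(scheme)) continue;
    (handoffs[scheme] = handoffs[scheme] || []).push(m[0]);
  }
  const popups = (source.match(POPUP_RE) || []).length;
  return { handoffs, popups, popupFlood: popups > popupLimit };
}

// Constructed sample: three popup lines from the posted source plus the three
// link examples named in the post, written here as plain anchors.
const SAMPLE = `
<body onload="setTimeout('spawncreate()',100)">
<script type="text/javascript">
function spawncreate() {
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
}
</script>
<a href="telnet://slashdot.org/">a</a>
<a href="callto://whatever/">b</a>
<a href="mailto://whatever@whereever/">c</a>
</body>`;

console.log(triage(SAMPLE));
```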
 
Ooo.. I kinda wanna go, but don't want to at the same time.

*shrug*

Oh well.


*click*


***UPDATE***
AHH! MY EYES! THE GOGGLES DO NOTHING!!!
 
If you know which member has a link to this site in their signature, please send a Private Message to a moderator.
 
I have a question though... isn't this 'somewhat' similar to what hackers do... can't something like this open up our file folders and do whatever it wants with it? I am just asking because I don't really know how this thing works... just wondering if any modifications to this can get into our personal data...
 
Doctor Q said:
If you know which member has a link to this site in their signature, please send a Private Message to a moderator.

"While I was browsing another forum" - so I don't think it's anyone here :)
 
Nermal said:
"While I was browsing another forum" - so I don't think it's anyone here :)
Of course, I could have been suggesting that members of THAT forum report the member of THAT forum to moderators of THAT forum, but no, I'm just up too late to read clearly. Yawn...
 
Doctor Q said:
If you know which member has a link to this site in their signature, please send a Private Message to a moderator.

Oddly, I'm pretty sure that guy is a mod there. :eek: Haven't been back to that site since it happened.
 