Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

A Hacker Website I Clicked On, Doh !

Ben Pease

macrumors newbie
Original poster
Aug 26, 2005
14
0
While I was browsing another forum, a person had a link in their sig and it said something like "my new favorite website". So I'll take a look-see I thought to myself and I clicked on it. It was some virus, hacker website. Pop-ups all over the place of a shock image that I think is called "pillowfight". It was also automatically opening various applications and trying to send multiple emails to "jesuitx@gnaa.us", among other things. I force quit applications (It's amazing I even know how to) as soon as I realized what was happening. I then reset Safari.

The site itself is "thankless.net". A google search for it lists only itself, the title of which is "lolastmeasure by abortion". I found that "jesuitx" name is mentioned in an article on wikipedia describing GNNA though : GNAA. Troll hackers.

Please keep in mind that I'm a novice with computers. I've got a PowerBook G4 with OS X. Can anybody give me advice on my situation ? Is my laptop infected ? What course of action should I take now ?
 

Heb1228

macrumors 68020
Feb 3, 2004
2,215
0
Virginia Beach, VA
Ha! that was pretty funny. I visited the site. I'm not scared.

Ok, for one thing I have some safari helpers installed, so it probably did some crazier things to you than it did to me, but don't worry.

There are no viruses for Mac OS X. Your computer should be fine. Have you noticed anything odd with how your computer has been behaving since visiting?
 
Comment

MacAztec

macrumors 68040
Oct 28, 2001
3,023
1
San Luis Obispo, CA
holy crap, I didn't think that was possible, but sure enough, I went to that page and my Mac went nuts. Opened Adium, Mail, tried to mail some random people, opened Skype too. Weird...how can that happen?
 
Comment

Heb1228

macrumors 68020
Feb 3, 2004
2,215
0
Virginia Beach, VA
I'll go back and try to look at the source code. It didn't do anything to me but try to open a few pop-ups (which can only open in tabs for me) and a voice kept repreating "i'm looking at gay porn"
 
Comment

Nuc

macrumors 6502a
Jan 20, 2003
798
6
TN
That site was messed up!!

MacAztec said:
holy crap, I didn't think that was possible, but sure enough, I went to that page and my Mac went nuts. Opened Adium, Mail, tried to mail some random people, opened Skype too. Weird...how can that happen?
I know what you mean. To many explicit pictures on that site. It opened up terminal and was trying to connect to a server, iChat opened. Though my mail program didn't do anything. Whoever made that site needs to be taken out and shot!!

Nuc

edit: this would be a great website to send someone you hate at work!! :D
 
Comment

Heb1228

macrumors 68020
Feb 3, 2004
2,215
0
Virginia Beach, VA
Here's the source code of the website, looks like javascript and flash



I don't think i know enough about web coding to tell exactly whats going on with it, maybe somebody else can explain.

<html>
<head>
<title>lolastmeasure by abortion</title>
<script src='lol.js' type='text/javascript'></script>
<link href='style.css' rel='stylesheet' type='text/css' />
</head>
<body onload="setTimeout('spawncreate()',100)">
<script type="text/javascript">
function spawncreate() {
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
openWindow("http://www.thankless.net//spawn.php");
}
setTimeout("spawncreate()", 100);
spawncreate()</script>
<table>
<tr><td valign="middle">
<div>
<a href="http://www.gnaa.us/"><img src="images/gnaa.png" alt='gnaa logo' /></a>
<br/><br/>
<a href="http://www.gnauk.co.uk" title="Gay ****** Association">GNAUK</a>
<embed src='http://www.thankless.net//flash/second_opener.swf' type='application/x-shockwave-flash'></embed>
<embed src='http://www.thankless.net//flash/second_opener.swf' type='application/x-shockwave-flash'></embed>
<embed src='http://www.thankless.net//flash/second_opener.swf' type='application/x-shockwave-flash'></embed>
<embed src='http://www.thankless.net//flash/hey.swf'></embed>
</div>
</td></tr>
</table>
</body>
</html>
 
Comment

DeSnousa

macrumors 68000
Jan 20, 2005
1,616
0
Brisbane, Australia
WTF, those images were not right. I had fun beating the spawn in new pages in Safari :D Although no apps opened for me, i guess i did not allow it to go for long.

What i don't get is the code that opens the apps designed for mac osx?
 
Comment

Ben Pease

macrumors newbie
Original poster
Aug 26, 2005
14
0
Heb1228 said:
Have you noticed anything odd with how your computer has been behaving since visiting?

It seems fine, thankfully not crashing and such. Thanks for the help guys.
 
Comment

Stampyhead

macrumors 68020
Sep 3, 2004
2,294
30
London, UK
Heb1228 said:
Here's the source code of the website, looks like javascript and flash



I don't think i know enough about web coding to tell exactly whats going on with it, maybe somebody else can explain.
It's calling to an external JavaScript file (lol.js). Open that file in your browser and you will see the JavaScript code.
 
Comment

kalisphoenix

macrumors 65816
Jul 26, 2005
1,231
1
Well, that was annoying. Fortunately, my Indigo iBook 366 is so slow that I could close the windows as fast as they popped up... :eyeroll:

All it is doing is sending your browser links like telnet://slashdot.org/ and callto://whatever/ and mailto://whatever@whereever/ ... nothing complicated or even all that intelligent. It's not a "vulnerability" and it's not something that can really be fixed without removing all the integration that we Mac users know and love.

Even though I really wish that they'd fix the flash method of circumventing pop-up blockers...
 
Comment

katie ta achoo

Blogger emeritus
May 2, 2005
9,167
2
Ooo.. I kinda wanna go, but don't want to at the same time.

*shrug*

Oh well.


*click*


***UPDATE***
AHH! MY EYES! THE GOGGLES DO NOTHING!!!
 
Comment

Doctor Q

Administrator
Staff member
Sep 19, 2002
38,324
4,749
Los Angeles
If you know which member has a link to this site in their signature, please send a Private Message to a moderator.
 
Comment

ajampam

macrumors regular
Jul 31, 2005
122
0
I have question though....isn't this 'somewhat' similar to what hackers do....cant something like this open up our file folders and do whatever it wants with it? I am just asking because I dont not really know how this thing works....just wondering if any modifications to this can get into our personal data.......
 
Comment

Nermal

Moderator
Staff member
Dec 7, 2002
18,953
1,433
New Zealand
Doctor Q said:
If you know which member has a link to this site in their signature, please send a Private Message to a moderator.

"While I was browsing another forum" - so I don't think it's anyone here :)
 
Comment

Doctor Q

Administrator
Staff member
Sep 19, 2002
38,324
4,749
Los Angeles
Nermal said:
"While I was browsing another forum" - so I don't think it's anyone here :)
Of course, I could have been suggesting that members of THAT forum report the member of THAT forum to moderators of THAT forum, but no, I'm just up too late to read clearly. Yawn...
 
Comment

Ben Pease

macrumors newbie
Original poster
Aug 26, 2005
14
0
Doctor Q said:
If you know which member has a link to this site in their signature, please send a Private Message to a moderator.

Oddly, I'm pretty sure that guy is a mod there. :eek: Haven't been back to that site since it happened.
 
Comment

ajampam

macrumors regular
Jul 31, 2005
122
0
Ben Pease said:
Oddly, I'm pretty sure that guy is a mod there. :eek: Haven't been back to that site since it happened.
Really!!??? :eek: :eek: What forum is it?
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.