WTF Paypal got hacked?

Discussion in 'BlackHat Lounge' started by dheer, Jan 19, 2010.

  1. dheer

    dheer Jr. VIP Jr. VIP Premium Member

    Hey guys, I am trying to open paypal.com. I tried with 3 different browsers and it is redirecting to hxxp://abenaswebsite.com/

    are you having the same problem?
     
  2. dwpg002

    dwpg002 Senior Member

    Check your local hosts file for any DNS record added.
     
  3. trushafty38

    trushafty38 Regular Member

    No, you might want to check for viruses. Run ComboFix, then Avira, then Malwarebytes.
     
  4. maniac2002

    maniac2002 Registered Member

    Works OK for me on IE and Firefox......

    I would run Spybot and/or AdAware
     
  5. dheer

    dheer Jr. VIP Jr. VIP Premium Member

    Well, yesterday I installed Super video converter, and I got that program from here. However, AVG told me about some problems with that program. I just now changed my IP again and now I can access PayPal.

    what the heck was that?
     
  6. rebbeca

    rebbeca Regular Member

    Your computer is hacked
     
  7. justone

    justone Elite Member

    You've a rootkit/trojan

    From what you write I am sure it is still in place.
    Some of these trojans are very nasty and extremely hard to remove.
    From your writing I'd suggest you format the hard drive and install Windows again; only try to remove it if you know what you are doing (and can be sure you got everything).
     
  8. blazen

    blazen Regular Member

    PayPal is not hacked; your computer is infected with either a virus, trojan, adware, spyware, or rootkit. A rootkit is the worst and you would have to reformat your computer.
     
  9. dheer

    dheer Jr. VIP Jr. VIP Premium Member


    Holla, really? I am not getting any problem as of now. I have AVG antivirus installed, I have removed all the programs which I installed yesterday, and I also have ZoneLabs Firewall. I can't format my whole hard disk as I just did it a week ago :(
     
  10. Benditer

    Benditer Junior Member

    AVG ... mmmm
    Get some better antivirus like ESET, Kaspersky or even Microsoft Security Essentials (free and great). No offence to AVG lovers.
     
  11. Blackhat_Boy

    Blackhat_Boy Newbie

    Your computer is infected boy!!
     
  12. pyronaut

    pyronaut Supreme Member

    I would definitely check your hosts file... That is going to be the simplest solution. Even if you un-installed everything, it would have modified your hosts file when you ran the application.
     
  13. dheer

    dheer Jr. VIP Jr. VIP Premium Member


    here are my host file details

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost


    Let me know if there is any problem
     
  14. pyronaut

    pyronaut Supreme Member

    Nope, that's all fine (default).

    Tried different browsers?
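
The hosts-file check suggested in the replies above, as an added example that is not part of the thread: a small Python audit that parses hosts-file text and reports entries that override DNS. The watch list, the function name and the tampered sample (which uses the documentation address 203.0.113.10) are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: names that should never be pinned in a hosts file.
WATCHED = ("paypal.com",)

# Constructed samples: lines from the default file posted in the thread,
# and a tampered variant with one constructed redirect entry appended.
CLEAN = """# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
"""
TAMPERED = CLEAN + "203.0.113.10 www.paypal.com paypal.com  # constructed entry\n"

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, host, reason) for every suspicious hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if not entry:
            continue                            # blank or comment-only line
        ip_text, hosts = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, "", "malformed address"))
            continue
        for host in (h.lower().rstrip(".") for h in hosts):
            if any(host == d or host.endswith("." + d) for d in watched):
                # Any pin of a watched name overrides DNS, whatever the target.
                findings.append((line_no, ip_text, host, "watched domain overridden"))
            elif host == "localhost" and not ip.is_loopback:
                findings.append((line_no, ip_text, host, "localhost not loopback"))
            elif host != "localhost" and not ip.is_loopback:
                findings.append((line_no, ip_text, host, "non-default mapping"))
    return findings

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_hosts(sample) or "no suspicious entries")
```

A clean result rules out only the hosts file as the source of the override.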
     
  15. dheer

    dheer Jr. VIP Jr. VIP Premium Member

    Actually, as I have stated above in one of my previous posts, the problem has been solved for now. But some of the guys are saying that I'll have to format and install again :(
     
  16. sagarbest

    sagarbest Senior Member

    Trojan my friend ;)
     
  17. afguy

    afguy Newbie

    Try hijackthis:

    Code:
    http://free.antivirus.com/hijackthis/
     
  18. judson

    judson Power Member

    The thing is, if you have been compromised once, assume that your entire machine is still infected until you do a total reinstall.

    Your assumption is that because the AV found nothing, there is nothing. That assumption is fine for a trivial use machine but if you are going to use that machine to log into anything where money is involved, I wouldn't trust it.

    Just do a total reinstall and notch it down to lessons learned already.
     
  19. nixnash

    nixnash Power Member

    Lol, I think you got some nasty virus on your laptop... site's just working fine on my end.
     
  20. darkmobius

    darkmobius Regular Member

    how ironic, the OP was actually the one who got hacked