WTF Paypal got hacked?

Discussion in 'BlackHat Lounge' started by dheer, Jan 19, 2010.

  1. dheer

    dheer Jr. VIP Jr. VIP Premium Member

    Hey guys, I am trying to open paypal.com. Tried with 3 different browsers and it is redirecting to hxxp://abenaswebsite.com/

    are you having the same problem?
     
  2. dwpg002

    dwpg002 Senior Member

    Check your local hosts file for any DNS record added.
     
  3. trushafty38

    trushafty38 Regular Member

    No, you might want to check for viruses. Run ComboFix, then Avira, then Malwarebytes.
     
  4. maniac2002

    maniac2002 Registered Member

    Works OK for me on IE and Firefox...

    I would run Spybot and/or AdAware
     
  5. dheer

    dheer Jr. VIP Jr. VIP Premium Member

    Well, yesterday I installed Super video converter, and I got that program from here. However, AVG told me about some problems with that program. I just now changed my IP again and now I can access PayPal.

    What the heck was that?
     
  6. rebbeca

    rebbeca Regular Member

    Your computer is hacked
     
  7. justone

    justone Elite Member

    You've a rootkit/trojan.

    From what you write I am sure it is still in place.
    Some of these trojans are very nasty and extremely hard to remove.
    From your writing I'd suggest you format the hard drive and install Windows again. Only try to remove it if you know what you are doing (and can be sure you got everything).
     
  8. blazen

    blazen Regular Member

    PayPal is not hacked; your computer is infected with either a virus, trojan, adware, spyware, or rootkit. A rootkit is the worst and you would have to reformat your computer.
     
  9. dheer

    dheer Jr. VIP Jr. VIP Premium Member


    Holla, really? I am not getting any problem as of now. I have AVG antivirus installed and I have removed all the programs which I installed yesterday, and I also have the ZoneLabs firewall. I can't format my whole hard disk as I just did it a week ago :(
     
  10. Benditer

    Benditer Junior Member

    AVG... mmmm
    Get a better antivirus like ESET, Kaspersky or even Microsoft Security Essentials (free and great). No offence to AVG lovers.
     
  11. Blackhat_Boy

    Blackhat_Boy Newbie

    Your computer is infected boy!!
     
  12. pyronaut

    pyronaut Executive VIP

    I would definitely check your hosts file... That is going to be the simplest solution. Even if you un-installed everything, it would have modified your hosts file when you ran the application.
     
  13. dheer

    dheer Jr. VIP Jr. VIP Premium Member


    Here are my hosts file details:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost


    Let me know if there is any problem.
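
Added example, not part of the original thread: the hosts file check suggested above, written as a small Python parser that lists every mapping other than the default loopback entry and flags any mapping for a watched domain. Both sample files are constructed (the first is a shortened copy of the default file posted above, the second adds a made-up entry using a documentation-range address), and the function names are this example's own.

```python
import ipaddress

# On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
WATCHED = ("paypal.com",)  # domain taken from the thread

# Constructed sample: shortened copy of the default file posted above.
DEFAULT_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
"""

# Constructed sample: the same file with one made-up redirect appended.
TAMPERED = DEFAULT_HOSTS + "203.0.113.10 www.paypal.com paypal.com  # constructed\n"


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:  # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def non_default_entries(text):
    """Every mapping except loopback -> localhost."""
    return [(n, str(ip), h) for n, ip, h in parse_hosts(text)
            if not (ip.is_loopback and h == "localhost")]


def suspicious_entries(text, watched=WATCHED):
    """Mappings for a watched domain or any of its subdomains."""
    return [(n, str(ip), h) for n, ip, h in parse_hosts(text)
            if any(h == d or h.endswith("." + d) for d in watched)]


if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_HOSTS), ("tampered", TAMPERED)):
        print(label, non_default_entries(sample), suspicious_entries(sample))
```

A clean result, as with the file posted above, only rules out the hosts file as the cause of the redirect.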
     
  14. pyronaut

    pyronaut Executive VIP

    Nope, that's all fine (default).

    Tried different browsers?
     
  15. dheer

    dheer Jr. VIP Jr. VIP Premium Member

    Actually, as I stated above in one of my previous posts, the problem has been solved for now. But some of the guys are saying that I'll have to format and install again :(
     
  16. sagarbest

    sagarbest Senior Member

    Trojan, my friend ;)
     
  17. afguy

    afguy Newbie

    Try HijackThis:

    Code:
    http://free.antivirus.com/hijackthis/
     
  18. judson

    judson Power Member

    The thing is, if you have been compromised once, assume that your entire machine is still infected until you do a total reinstall.

    Your assumption is that because the AV found nothing, there is nothing. That assumption is fine for a trivial-use machine, but if you are going to use that machine to log into anything where money is involved, I wouldn't trust it.

    Just do a total reinstall and notch it down to lessons learned already.
     
  19. nixnash

    nixnash Power Member

    Lol, I think you got some nasty virus on your laptop... sites just working fine on my end.
     
  20. darkmobius

    darkmobius Regular Member

    How ironic, the OP was actually the one who got hacked.