How does this happen?

Zepher

I fixed a friend's netbook with some spyware and gave it back to him, and a couple of hours later he called me and said that he got a lot of pop-ups saying the machine may be infected.
The netbook had a fresh install of Windows 7 Starter and Mozilla Firefox.

I asked him where he browsed and he said Fox News for about 30 seconds and then to his site, esac.us.

Well, I looked at the history and he used Google to search for both Fox News and esac.us.
I replicated the pop-ups on the netbook by searching for Fox News in Google, then searching for esac.us in Google.

And I just did it on this XP machine: googled for Fox News, then googled for esac.us, then clicked on the first link, which is his site, and it popped up saying that the site 87.xx.xx..xx was a reported attack site.

Just tried with IE and Malwarebytes blocked the site.

Typing in esac.us in the address bar doesn't bring up any warnings.

Do you think there is something on the site, or is it something wrong with Google?

Using IE and Yahoo to search for esac.us and clicking on it causes Malwarebytes to block it.
 
That's because the Google result may be for an old site or something, because 87.248.180.90 (the IP from the Google result) is not the IP address for esac.us, which is 66.69.131.19.

Which, upon further review, would seem to be some sort of compromise of the site by the first address.
 