
Someone posted that a forum site may have been infected with malware



Someone posted on the /r/RBI subreddit that a forum site Wikipediasucks[dot]co may have been infected with malware and therefore merits investigation by antivirus experts, presumably including the Malwarebytes team:

 

https://old.reddit.com/r/RBI/comments/1934v6z/forum_site_alleged_to_be_infected_by_malwares_or/

 

wikipediasucks.co/forum/ucp.php?mode=login

Full and direct quote below:

 

A few days ago I was discussing an internal drama on a forum site which I frequent and, as time went on, he made this claim out of the blue:

I asked an IT friend to look into it and he told me it's a very suspicious site with evidence of phishing and keystroke tracking software as well as cross referencing of password files. Also told me it has less than 400 registered users and only about 5 or 6 people ever post anything.

The forum in question is wikipediasucks[dot]co and although the workstation I frequently use has the protection of some high quality AV software which would have detected them a long time ago if such a claim were true, not to mention having run it through VT and Hybrid Analysis showing that nothing was terribly amiss, I'm still rather unnerved and so I would be thankful if anyone else, preferably those who have access to better detection tools, can help give a second, maybe a third or even twentieth opinion by performing detection runs on that website, including all contents and URLs belonging to it, with the better tools. More comprehensive means more better.

In the meantime I pressed him about the issue, and he then replied with this:

Also, before I forget, the IT specialist who looked at that website isn't really my friend, he's an acquaintance from the Arizona Department of Public Safety. He said he found keystroke tracking software on that site which is normally used by scammers to get passwords, who then try and use them on other websites in the hopes the person is using the same password. Kind of outdated scam actually. He also told me that he made a dummy account and within days had received a "welcome link" which took him to a phishing website.

In light of the above, the pages that directly deal with passwords in the forum, such as the login page (see below), registration page and the password reset pages, are certainly something to investigate as well. VT and Hybrid Analysis results so far turn up clean.

wikipediasucks[dot]co/forum/ucp.php?mode=login

Edited by AdvancedSetup
Disabled hyperlinks

Thank you.

Reddit is not an authoritative site and information posted on it has to be corroborated and verified through a real authoritative location.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
Link to post
Share on other sites

@Clang scanned wikipediasucks.com/ the url in the post is wikipediasucks.co/

anyway result is the same, no blacklist

IP for .com is listed

https://www.virustotal.com/gui/url/06193bd32362a3954031ddc813873463f04bffe2d415c07ce65a2786c0a3e962

Edited by AdvancedSetup
Corrected font issue

On 1/13/2024 at 12:09 AM, pondus said:

@Clang scanned wikipediasucks.com/ the url in the post is wikipediasucks.co/

anyway result is the same, no blacklist

IP for .com is listed

https://www.virustotal.com/gui/url/06193bd32362a3954031ddc813873463f04bffe2d415c07ce65a2786c0a3e962

Thanks, but the tool you used is sometimes viewed as entry-level rather than an advanced tool anyway. It would be great if the Malwarebytes team can use their advanced tool to perform a comprehensive scan on the website and all its contents.


On 1/12/2024 at 10:20 PM, David H. Lipman said:

Thank you.

Reddit is not an authoritative site and information posted on it has to be corroborated and verified through a real authoritative location.

Except the post mentioned "Arizona Department of Public Safety" which unnerved people a bit.
