Wednesday, 24 April 2013

AARTO Website Hacked

Imagine visiting your website only to find someone you've never met and probably never will took the time to deface it. This is definitely one of the top 10 things an IT administrator never wants to see but exactly what happened to the website of the Administrative Adjudication of Road Traffic Offences in South Africa.

Googling for "rEd X was here" clearly shows many sites with similar carnage, results count here was well over 161 000 on Google and the seemed to be mostly wordpress based sites. With such a high count the chances are very good that this is some script being run which checks if a site is vulnerable to a specific wordpress bug or flaw.

Additionally the website is accompanied by the following song on youtube, loaded in the background and played automagically to the user:

Additionally the code contained some interesting javascript to disable the context menu, key down, and mouse down actions on the page:

<body oncontextmenu="return false" onkeydown="return false" onmousedown="return false">

Interestingly enough the name used for some of the files included within the page contain the name "ondhokarer_rajputra" which seems to point to 1 user on google (which has listened to the song above recently), and 1 facebook user, both seem to be based in Bangladesh. Could this be the hacker?

No comments:

Post a Comment