trojan horse detected on chugger pump web site

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum


megalomani

My computer has Avast antivirus running. Just a few minutes ago I went to the Chugger pump site (chuggerpump.com) and Avast sounded an alarm. It said it detected and blocked a trojan horse. Any time I navigated anywhere else on the site, Avast repeatedly reported the pages as malicious.

Anyone else having this happen? I wanted to contact the owner but didn't want to stay on the site any longer to get his contact info. Don't want to make things sound bad for Chugger but wanted to warn others without virus protection if there really is a danger.
 
There is something there. I went to the chuggerpumps page, and after a few seconds, it automatically went through a few reloads to some kind of scam advertising page.

I did a little debugging, and it appears that someone got into the site and inserted some obfuscated malicious code at the bottom of one of the JS files the page loads (/js/cufon.js).

Don't visit their site for a bit, as it definitely appears to have been exploited.
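
The post above describes obfuscated code appended to the bottom of a JS file the page loads. As an added example (not part of the thread and not the site's code), this is one way a site operator could catch that kind of change: compare each deployed script against a known-good copy and inspect whatever was appended. The file contents, function names and indicator patterns are constructed for illustration.

```python
import hashlib
import re

# Heuristic markers often seen in obfuscated script injections (assumed list, not exhaustive).
INDICATORS = {
    "eval_call": re.compile(r"\beval\s*\("),
    "from_char_code": re.compile(r"String\.fromCharCode\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "document_write": re.compile(r"document\.write\s*\("),
    "long_encoded_run": re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){20,}"),
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_asset(known_good: bytes, deployed: bytes) -> dict:
    """Compare a deployed script with its known-good copy and describe the change."""
    result = {
        "modified": sha256_hex(known_good) != sha256_hex(deployed),
        "appended_only": False,
        "appended_bytes": 0,
        "indicators": [],
    }
    if not result["modified"]:
        return result
    if deployed.startswith(known_good):
        # Original content intact, extra bytes at the bottom: the pattern from the post.
        suspect = deployed[len(known_good):]
        result["appended_only"] = True
        result["appended_bytes"] = len(suspect)
    else:
        # Changed somewhere other than the end: scan the whole file.
        suspect = deployed
    text = suspect.decode("utf-8", errors="replace")
    result["indicators"] = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
    return result

# Constructed sample data: a stand-in library file and a harmless encoded tail.
KNOWN_GOOD = b"/* constructed stand-in for a JS library */\nvar Lib = (function () { return {}; })();\n"
ENCODED = "".join("%%%02x" % b for b in b'console.log("constructed sample")')
TAIL = (';eval(unescape("%s"));\n' % ENCODED).encode()
TAMPERED = KNOWN_GOOD + TAIL

if __name__ == "__main__":
    print(check_asset(KNOWN_GOOD, TAMPERED))
```

The hash mismatch alone is the reliable signal; the indicator names only help triage what was added.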
 
People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.
 
If they accept credit cards they are required by their agreements with credit card companies to follow PCI (PCI DSS) standards. It's designed to protect the "company" against lawsuits from consumer information theft. If you don't, there are big fines associated with it.

This is a security breach and could possibly lead to compromised account holder information. I guess that McAfee secure badge at the bottom of the page means diddly.
 
A lot of times the PCI compliancy is a joke. Just a form to fill out that you "certify" you are doing things within spec. If you do have a breach you are then marked as a level 1 and it makes it far more difficult to be re-certified.
 
Similar to 201 CMR 17 for Mass. However, I work for a Bank so we have Federal and State auditors that take this stuff pretty seriously (you can get your charter removed!). But, we don't have to comply with PCI DSS (just yet; still going to act as if we are). They are still good practices to implement and they are generally the same "best practices" across all different security policies/regulations (like SAS70.. well I guess ISAE 3402/SSAE 16 now; state/federal/vendor).
 