The Poker Players Alliance (PPA) website hacked?

lots0

Banned User - troll posts - flaming
Joined
Jun 3, 2006
Location
Hell on Earth
I did have a link to the Poker Players Alliance (PPA) on my signature.

However, today I was informed that if you clicked on the PPA link it tried to get you dl a file and you could not see the site.

As the PPA is running Wordpress the most hack/crack friendly software on the planet, it is seems obvious to me that they have been hacked.

If you have clicked on the PPA link in my sig or if you have tried to access the PPA website in the last couple of days, run your anti-virus and be careful (the bad stuff on the PPA site disabled my AV)...
I am now going to have to do a complete restore of my system.
 

lots0

Banned User - troll posts - flaming
Joined
Jun 3, 2006
Location
Hell on Earth
Ya that was some bad chit...

Took me all day to get my system clean and I am still not sure I got it all.
 

jetset

RIP Brian
CAG
Joined
Feb 22, 2001
Location
Earth
Did the PPA ever confirm that their site had been attacked and left with a nasty surprise for visitors?
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
It would help if you can identify the exact piece of malware responsible, as there is often a tool around, or a set of instructions, that would enable it's removal without the drastic step of a system restore, and potential loss of your own data.

I've had a few nasty pieces of work on my old PC in the past, and I have often managed to identify the culprit, and remove it with an online tool, or a set of instructions. Only ONCE did I have to sacrifice my data and reinstall Windows, and this was thanks to my Nephew who tried to crack CyberPatrol so that he could look at "dodgy" websites when he was barely a teenager. I had to resort to floppy disks and DOS to retrieve the most important data, and as punishment I did NOT retrieve any of his.

You can STILL do this, by booting from a CD, or removing the hard drive and using another PC and USB drive bay to recover the data. Unless the malware has destroyed the disc itself, or erased it, you can usually get the data back.
 

lots0

Banned User - troll posts - flaming
Joined
Jun 3, 2006
Location
Hell on Earth
jetset said:
Did the PPA ever confirm that their site had been attacked and left with a nasty surprise for visitors?
No. I sent them an email yesterday, but have not heard anything back from them.

vinylweatherman said:
It would help if you can identify the exact piece of malware responsible, as there is often a tool around, or a set of instructions, that would enable it's removal without the drastic step of a system restore, and potential loss of your own data.
Sorry no name.
I did work with several Norton Tech's, they kept having to 'escalate' to better trained tech's, in trying to remove the virus without having to restore, but the virus was too well dug in to my system and kept replicating. Fortunately, I did a full backup on Sunday, as usual, so I didn't lose anything important.

This virus, is a real baddie, it disabled Norton AV and then blocked Norton's top of line tool, the Norton Power Eraser from installing on my system. It also blocked all the manual attempts we made at trying to remove it.

I was running up to date Firefox with NoScript installed and running in very secure mode.
 

lots0

Banned User - troll posts - flaming
Joined
Jun 3, 2006
Location
Hell on Earth
The PPA is back up and running.

However, it appears that they may have lost quite a bit of data.

Whoever did the hack is a real A-hole.
 
Top