Visited website hacked by Syrian Electronic Army--What to do next?


Michael

Sep 13, 2013, 9:17:19 AM
to iscds...@googlegroups.com
Hi,

A friend of mine visited a hunting enthusiast website that appears to have been hacked by the Syrian Electronic Army (http://www.cthuntingshooting.com).  I am assuming that these people are out to make a political statement; but is there any risk to a computer that unsuspectingly visits these sites?  What should the average user do when confronted with this?  Should anyone contact the website operator?  If so, what's the best way to do that?

The one saving grace might be the fact that he visited with an iPad; is an iPad less vulnerable?  Are there good anti-malware apps for iPad out there?

If any of you could offer some ideas, I would appreciate it.  Thank you.

Mike

Ziots, Edward

Sep 13, 2013, 9:45:45 AM
to iscds...@googlegroups.com

1) If it's been hacked like you say it has, then you don’t know what malware/spyware or other triggers they have added to the site which might infect your systems and perpetrate the malfeasance.

2) Best to ban or block the site in your web filter, or kill access to the network via your Firewall/Routers. And then notify the website owner they have been compromised (they might already know it, then again I have dealt with others that were clueless they were hacked and leading people off into Blackhole and other web exploit kits).

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

Work:401-255-2497

 

 

You received this message because you are subscribed to the Google Groups "SANS Internet Storm Center / DShield" group.

Johannes B. Ullrich Ph.D.

Sep 13, 2013, 12:41:10 PM
to iscds...@googlegroups.com

Quick note: Please do not post unobfuscated URLs that may lead to malicious URLs. The one earlier slipped through. Sorry (but well, it was slightly misspelled at least).

I will reject some messages in the queue due to listing the full malicious URL.

If you need to post a URL, please replace 'http' with 'hxxp' and add spaces after each '.'. For example: hxxp:// isc . sans . edu

This will render the URL "non clickable". Otherwise, many mail clients will convert the URL into a link.


--


Johannes B. Ullrich, Ph.D., GIAC GCIA & GWEB, SANS Technology Institute, (617) 571 1212, twitter: johullrich; http://isc.sans.edu
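
The posting convention described in the message above, as an added example that is not part of the original thread: a small Python helper that lists the still-clickable URLs in a draft message and rewrites them in the hxxp form. The function names are hypothetical, the sample message is constructed with reserved example domains, and the spacing follows the example given in the message (a space on each side of every '.').

```python
import re

# Anything a mail client is likely to auto-link: http(s):// URLs and bare www. hosts.
LIVE_URL = re.compile(r"(?:\bhttps?://|\bwww\.)[^\s<>\"'()\[\]]+", re.IGNORECASE)
TRAILING = ".,;:!?"  # sentence punctuation that is not part of the URL


def defang_url(url):
    """Rewrite one URL: 'http' -> 'hxxp' and spaces around each '.'."""
    scheme, sep, rest = url.partition("://")
    if sep:
        prefix = scheme.lower().replace("http", "hxxp") + ":// "
    else:  # bare "www.host" form, no scheme present
        prefix, rest = "", url
    return prefix + rest.replace(".", " . ")


def live_urls(text):
    """Return every still-clickable URL in text (empty list means safe to post)."""
    return [m.group(0).rstrip(TRAILING) for m in LIVE_URL.finditer(text)]


def defang_text(text):
    """Defang every clickable URL in text, leaving surrounding prose intact."""
    def repl(match):
        raw = match.group(0)
        core = raw.rstrip(TRAILING)
        return defang_url(core) + raw[len(core):]
    return LIVE_URL.sub(repl, text)


# Constructed sample message (reserved example domains, not from the thread).
SAMPLE = ("Saw a defacement at (https://www.example.com/index.html). "
          "Also www.example.org, thanks.")

if __name__ == "__main__":
    print("clickable before:", live_urls(SAMPLE))
    safe = defang_text(SAMPLE)
    print(safe)
    print("clickable after:", live_urls(safe))
```
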


Michael

Sep 13, 2013, 12:55:47 PM
to iscds...@googlegroups.com
Dear Dr. Ullrich:

My apologies.  Now that I know the proper formatting, I will keep it in mind.  (It also explains why my WHOIS search did not work all morning.)  I have tried to drop the website owner a note through the admin contact.  I am not sure if there are any special virus prevention methods that will help his iPad.