It’s our unfortunate duty to inform our readers and users that for a period of several hours some resources on the neosmart.net domain were compromised by one or more unknown attackers. By means of a vulnerability in one of the scripts on our site, which we have not been able to track down, attackers were able to inject malicious JavaScript into resources on our site. As a result, visitors to our domain were redirected to a webpage elsewhere online that instructed them to download and install a malicious plugin.
The malware has been purged from our site and resources and there is no longer any threat to our visitors. We’re still working on getting more information, but the malware in question is labeled as JS/BlacoleRef.J and JS/Blacole.A by Microsoft Security Essentials. It’s important to note that visitors to our site could not be infected without their knowledge. The malicious JavaScript in question triggered the browser to display a “do you want to install this plugin” dialog (the exact text differs by web browser make and model), and some browsers were not susceptible to the redirect attack. Users with antivirus software should also not have been at risk, as the malware in question has been blacklisted by the various companies for several weeks now.
While we have yet to determine the method by which the attackers injected this malware into resources on our site, we’ve secured the file permissions to prevent this from happening in the future. Anyone with knowledge about this attack is asked to come forward and help us tie things down further. You can always reach us at support@neosmart.net.
Update (6:30PM CST)
Our site is now in the process of being un-blacklisted by Google and other malware blacklist agencies.
Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.
Sometimes it takes quite a bit of time for Google to process the removal. I think somehow you can contact them to hurry up the process, but especially if you are running a business it can be quite a painful process.
My copy of Microsoft Security Essentials just caught two of JS/BlacoleRef.K (not A or J), both in AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Q4RW3GP. They are neosmart_net[1].htm and vbulletin_md5[2].js. I wish I’d noted what pages I was on.
Hi Steve,
Those are the files that were corrupted back in November. I just double- and triple-checked and everything’s clean. Sounds like an old temporary file?
MSE detected them while I was on your site yesterday, and I hadn’t been here since before November. A full scan of my machine found nothing else.
Today (31 Dec ’17) I tried to install a home (free) version of EasyBCD and was informed that your site is on a malware list. I immediately left your site. I read your announcement from back in 2011 about an infection. Is this another issue, the same issue that has re-occurred, or an error?
I received the same malware message (Firefox/Windows 10).