Hi AOL, Primcapital.com seems to be hijacking/mirroring the entire AOL.com site!

Oh, boy, how one thing always leads to another, especially with AOL.

Tonight a reader asked how to access the AOL Classic home page (the answer is you can’t, because AOL Classic is gone).

Once that was sorted out (I told her to use http://netscape.aol.com instead – it’s ugly, but it’s basically the same thing), I tied up a few other loose ends on this blog, then – you know how I always get bored – so I usually go trawling through search engines to see what trouble I can find, since trouble doesn’t bore me? OK.

So tonight I’ve won the “un-bored” jackpot. Using the search terms (with quotes, exactly as you see it) [“aol” “back to classic” “developer network”] – which were two links at the bottom of the AOL Classic home page – I got this as the third result: http://www.primcapital.com/default_003.html.

Clicking the Prim Capital link takes you to an identical copy of the AOL Classic home page. Every link you click on that page brings you to another hijacked AOL page on Prim Capital’s servers. Curious as to whether AOL owns Prim Capital or not, I looked it up and, nope, apparently not!

But that’s where my gumshoeing stops. I have got to get to bed!

Have fun, AOL – I wash my hands of this little phishing attack or whatever it is you have going on with the Prim Capital people (but if I owned AOL, whoever runs Prim Capital wouldn’t be able to say their names without speech synthesizers by tomorrow morning – just sayin’).

Oh, and if you’re a reader who uses AOL? PLEASE DO NOT VISIT THE PRIM CAPITAL SITE. IT IS NOT AOL! YOU MAY GET PHISHED OR GET YOUR IDENTITY STOLEN! HERE BE DRAGONS! ETC.

Hacked AOL account? Let Google teach you how to hack it yourself.

Updated 7-1-09.

Since I wrote this post it’s risen to the #1 slots for the keyword searches mentioned below, so to save you time, if you’re here for the phone number to report a hacked AOL or AIM account, it’s 1-800-307-7969.

Tonight I typed “report hacked aol email” into Google and got, among other irrelevant things: “how to hack an AOL account”. Brilliant! Just to ensure my fury shot from moderate to severe, I typed “contact aol hacked” next, and got the same damn results…curses on Google. May fire rain down from heaven on their precious servers.

Welcome! You’ve got PHISH!

Watch out, AOL users. If you see this in your inbox – like I did tonight – then you’ve got Phish. Symptoms of Phish are as follows:

  1. You have an irrepressible urge to click on real-looking links to AOL
  2. You think this phisher’s email is so convincing
  3. You can’t understand why the fine folks at AOL, a multi-billion dollar company, misspell words, mangle grammar and forget to punctuate

AOL hosts 450 infected sites; be careful where you click!

No, not THIS Trojan...

Sunbelt, the people who make CounterSpy and other software security products, reported on their blog yesterday that at least 450 free AOL sites are infected with the Trojan-Downloader.Zlob.Media-Codec, more commonly known as the zlob-fake-codec.

Here is how it works: you click a search engine result that takes you to an infected AOL account (user.aol.com is shown in the screenshot of an infected result page on Sunbelt’s blog), and you’re then prompted to download an ActiveX component to view the web page. If you click Continue to download it, your computer is infected with up to two hundred trojans and unsafe ActiveX components.

Puerto Rican AOL.com Defaced By Hacker

From Zone-H, an IT news and information site: Zone-H and AOL’s Puerto Rican version of AOL.com was hacked and seriously defaced today in three separate DDoS attacks.

I’ll post more details as they become available.


Update: Helpful thread about “cwings” is here. Apparently he’s been hacking big websites for quite some time. Another website he defaced is discussed here, with screen caps.

Another update: Found information on Wrigley.com about the hacker from a guy who says he was framed by him for another attack. This is the hacker’s WhoIs page.