SCMagic gone, trojan'd?

Discussion in 'Trading Software' started by alanm, Sep 29, 2008.

  1. alanm

    WARNING: Sites mentioned in this post are potentially dangerous. Do not go to them if you're not prepared to handle the consequences.

    Cleaning up some old bookmarks, I attempted to go to "www . scmagic . com", which used to have stuff related to converting to/from Sierra Charts files.

    This site now returns a page that redirects to "www . scmagic . org/English/Index.htm", which returns a 404 page not found error, which is fine - links often get stale.

    So, I went to just "www . scmagic . org". Again, don't do this unless.... The default page at this site is a piece of "wonderful", obfuscated JavaScript hack, which ultimately attempts to open an IFRAME window to browse "brzgeni . com/ld/dx".

    This site then redirects to itself, which then redirects to "brzgeni . com/cgi-bin/index.cgi?dx", which then redirects to "for777daily . com/479/", which (finally!) is apparently a gambling site. This is if you are using Firefox 2. If, instead, you are using IE7, it sends you a different page with more obfuscated JavaScript to delight and destroy you.

    The "scmagic . com" domain record points to an address at sierrachart.de as an admin contact, which looks reasonable enough, but "scmagic . org" is a recently updated Indonesian domain.

    Anyone know anything about this?
     
  2. alanm

    FWIW, both the initial page with the jscript hack and the exe that you eventually download will alert on various antivirus programs (using virustotal.com), but not ZoneAlarm, which uses CA's AV platform.