Blackvue sites hacked?

[DashCamMan]

Just was informed via email that Blackvue sites are considered a "Reported Attack Page" by Google. This applies to:

www.blackvue.co.kr and www.blackvue.com

Hopefully they can correct this since I know many people download from those sites.

 

[B20RRL]

Yeah this has come to our attention too...

Would steer clear for a while!

--

From Google:

Of the 56 pages we tested on the site over the past 90 days, 34 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-01-20, and the last time suspicious content was found on this site was on 2014-01-20.
Malicious software includes 33 trojan(s). Successful infection resulted in an average of 17 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including toronsil, dandihelper ,seyanglts

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including samwooind.co.kr,blackvue.co.kr

This site was hosted on 1 network(s) includingAS3786 (LGDACOM).

 

[Peter Wilson]

whats annoying is that I keep getting Google offering me loads of crud in chrome

 

[CheckYourLights]

I hope things get sorted soon. I was never a fan of Blackvue devices between their high price and the issues some models had, but I know they protect some of our fellow drivers here, and that is really a horrible thing to do. It's bad enough having to go through all the work in finding a good camera and then finding out there is a Blackview and Blackvue, and now the possible risk of having your computer infected.

Hopefully everyone who uses the site sees this and keeps their computer safe.

 

[Peter Wilson]

It might be a person who has had no luck with one of there dash cameras.

 

[fastcarguy1]

I contacted Alex at BlackboxMyCar a while ago who is calling BlackVue Korea to advise them of the situation with the website.

Now we wait...............

 

[jokiin]

It might be a person who has had no luck with one of there dash cameras.

that narrows it down a lot

 

[Peter Wilson]

that narrows it down a lot

Well we now know its not a owner of Blackvue gear, that means about 95% of the World, LOL

 

[mollydog]

that narrows it down a lot

you took the words right out of my mouth

 

[B20RRL]

Being brutally honest they need to rip it down and start again from scratch. It's not the easiest website to navigate with little or no thought gone into the UX / Usability of it. It's pretty slow which means that its probably being hosted internally on a cruddy old PC that isn't meaty enough to take the demand and probably had low security hence now getting ridiculously infected. It is probably linked to other terminals internally which means that all those could possibly be infected. Remember DR500s being shipped with a trojan? That was down to their testing machine being infected and writing the viruses to the internal firmware of the camera.

If they played it right they could whip up a relatively decent website which caters to the core idea of what they do, host it on a decent server that can cater with the demand and put on some decent high end security.

Google are going to slam them big time for getting infected and not resolving quickly. It's going to damage any SEO that they had previously done along with any sites that are back-linking. Google really doesn't like you leading their users to a website that contains malware.

I emailed them yesterday and had a response this morning when I got in the office saying that they are aware and apologising for the inconvenience. I hope for their sakes they take this seriously, take the site offline until they have resolved.

 

[mollydog]

All good points B2oRRL, I don't think they'll be pulling their finger out any day soon (hope I'm wrong) but after the mess they made with the DR500 with low bitrate, and never put themselves out to correct it, in fact left it to the Russian guy Mio to do their work for them, I don't hold up much hope they will do much with this either

 

[Peter Wilson]

more cash they spend the less they can pay there bosses.

 

[mollydog]

its a sure fact they ant getting an more of mine

 

[B20RRL]

Looks like they are in the process of fixing the malicious code and probably by the end of the month it should be sorted. In my mind it hasn't been quick enough and is doing enough damage to consumers and also their reputation.

 

[B20RRL]

Ok so looks like Blackvue is back up and running according to a Google Check I did this morning:

What is the current listing status for www.blackvue.com?

This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 688 pages we tested on the site over the past 90 days, 551 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-01-28, and the last time suspicious content was found on this site was on 2014-01-26.
Malicious software includes 66 trojan(s). Successful infection resulted in an average of 17 new process(es) on the target machine.

Malicious software is hosted on 8 domain(s), including kosa.tonny.net/, samwooind.co.kr/,doubletour.co.kr/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including samwooind.co.kr/, blackvue.co.kr/.
This site was hosted on 2 network(s) including AS3786 (LGDACOM), AS45996 (GNJ-AS-KR).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, www.blackvue.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.
​