Monday, September 28, 2015

Wallpart: An Investigation, What It Does, Is It Really Malicious?

If you've been on a lot of websites lately, chances are you've heard of "Wallpart", an apparently malicious website that downloads horrific malware to your computer using "zero day hacks" and possibly the "Nuclear exploit kit" that's been making the rounds on the dark web recently.

It's been posted on deviantART, has been making the rounds on Tumblr with about 10,000 notes, has come up in a few posts on a site called Kotaku, and has some pretty bad ratings on Sitejabber, among other places.

Most posts seem to claim that Wallpart has been around for years. I find that hard to believe. But it's apparently a spamdexing site that will infect your PC with malware once you file a DMCA complaint.

But, is it really malicious? We're going to go ahead and find out.

When we enter the website, we will find this:


A very standard homepage, kind of like one of those fake "toolbar" search engine homepages.

The site claims to index over 10 billion images. Again, very hard to believe.

Let's go ahead and search for "birds".


Yep, those are definitely birds. They obviously don't own the art, but let's go ahead and try to buy it.


The use of a comma here is rather strange: in the United States, a period is the decimal separator for currency, not a comma, and that certainly holds for USD. If you were from America, you might figure that the actual cost of this photo is $5,590. Ouch!


I didn't take a screenshot of it, but at the bottom of the page they did not ask for any type of credit card information whatsoever. None. At all. That's pretty weird.

Now, forget about the cart for now. Where all of the malware supposedly comes from is the "DMCA" part of the page. At the bottom there is a "DMCA" link; click it and you can "Report a Item Violation". This is where almost all of the posts say the malware comes in.


Let's start a Fiddler4 and Wireshark session, then click on the link.


Hmm... no form? Very weird.

We don't have any suspicious-looking processes running, however.


I can safely say, however, that I have no doubt this site is a huge scam (and most likely malicious), and that it definitely pulls its results from Google Images. If we search for 241543903, a famous Google Images search meme, we get this:


Also, it's kind of funny that the GeoCities-era hit counter labelled "Happy Buyers" never updates. Maybe it's meant to show how many people have bought products from this site? Who really knows.

Checking the Fiddler and Wireshark logs, nothing suspicious comes up.
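To make the log check above concrete, here is an added Python triage script (not code from the original post, and not anything from the site itself) that runs over a constructed Fiddler-style session with placeholder hostnames and flags the indicators you would look for after clicking the DMCA link: requests to third-party hosts, redirects that leave the site, and executable or plugin payloads.

```python
"""Triage a captured browser session (the kind Fiddler or a HAR export gives)
for the drive-by indicators a defender checks first: requests to hosts outside
the site, redirects that leave it, and executable or plugin payloads.
Every record below is constructed; the hostnames are placeholders."""
import re
from urllib.parse import urlparse

# Constructed records: (method, url, status, content_type, location_header)
CLEAN_SESSION = [
    ("GET", "http://wallpart.example/dmca", 200, "text/html; charset=utf-8", ""),
    ("GET", "http://wallpart.example/css/site.css", 200, "text/css", ""),
    ("GET", "http://static.wallpart.example/counter.gif", 200, "image/gif", ""),
]
# Same session with a constructed off-site redirect and binary download added.
SUSPECT_SESSION = CLEAN_SESSION + [
    ("GET", "http://wallpart.example/dmca/report", 302, "", "http://ad-host.example/go"),
    ("GET", "http://ad-host.example/go", 200, "text/html", ""),
    ("GET", "http://ad-host.example/update.exe", 200, "application/x-msdownload", ""),
]

PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream",
                 "application/java-archive", "application/x-shockwave-flash"}
PAYLOAD_EXT = re.compile(r"\.(exe|scr|msi|dll|jar|swf)$", re.I)


def _first_party(url, domain):
    """True when url's host is domain itself or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def triage(session, first_party):
    """Return (url, reason) findings; an empty list means nothing stood out."""
    findings = []
    for _method, url, status, ctype, location in session:
        if not _first_party(url, first_party):
            findings.append((url, "request to third-party host"))
        if 300 <= status < 400 and location and not _first_party(location, first_party):
            findings.append((url, "redirect off-site to " + location))
        media = ctype.split(";")[0].strip().lower()
        if media in PAYLOAD_TYPES or PAYLOAD_EXT.search(urlparse(url).path):
            findings.append((url, "executable or plugin payload"))
    return findings


if __name__ == "__main__":
    for label, sess in (("clean", CLEAN_SESSION), ("suspect", SUSPECT_SESSION)):
        print(label + ":", triage(sess, "wallpart.example") or "nothing suspicious")
```

A real Fiddler or HAR export would be mapped into the same five-field records before calling `triage`; a clean result only means none of these three indicators fired, not that the page is harmless.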

But just to be safe, what happens if we do a scan with Malwarebytes?


In conclusion, this website is definitely a huge scam. I would advise anyone who actually "bought" from it to get their money back. I would also advise anyone who visited it to scan their computer: although I didn't seem to pick up anything malicious (or at least nothing that antimalware products detect, haha), I wouldn't put a shred of trust in this company not to embed hidden exploits on its website.
