Kudos for shaming them into fixing the problem. Of course, some people won't like your approach, mostly because of bruised egos. You deserve a medal for protecting the unsuspecting public. Keep up the great posts and thanks.
Dean | 09.12.07 - 6:00 pm | #

I clicked on a number of Google links to the site and got some nasty infections in the virtual machine:

Trojan-Downloader.Zlob.Media-Codec
Trojan.DNSChanger
Trojan-Downloader.Win32.Agent.bjc
Trojan.NewMediaCodec
SpyShredder

The desktop is hijacked and SpyShredder is displaying false warnings of spyware in true rogue fashion.
suzi | Homepage | 09.12.07 - 6:33 pm | #

Here is information on these malware pushers (aka KLIK Gang):


Maksim Samov
KLIK Media GmbH
Grosse Leege Str. 41
13055, Berlin, DE
+49.3094413291

Maxim Korolevich
MK Digital Media
4185 S. Paradise Rd. #3049
Las Vegas, NV 89109 US

Links:
http://www.castlecops.com/postx1...193669-0- 0.html

http://www.webhelper4u.com/ CWSDi..._Klik_gang1.pdf
Arkin | 09.13.07 - 8:37 am | #

The web site has been fixed. I spent some time on the phone calling people there yesterday. All the attention seems to have worked. Pages that redirected to porn and malware now say, "Welcome to vDeck

This is the default page for a vDeck hosting server. If you were expecting to see your website, come back tomorrow. If you still see this message then, send an email to support."
Mike Katz | Homepage | 09.13.07 - 3:08 pm | #

Thanks Mike!
alex eckelberry | 09.13.07 - 3:43 pm | #

I just saw the vDeck messages too. WTG Mike!

The website is not totally fixed, though. The main page of the site, http://tam.ca.gov still has hidden links to pages on their calendar pushing drugs. Look at the page in Firefox, click Tools, Page Info, Links and you can see what I mean.

The calendar links are yielding page not found, however.

Also, they need to find out how it got hacked... what vulnerabilities were used, and patch it! Otherwise the hackers will be right back.
suzi | Homepage | 09.13.07 - 5:49 pm | #