
Watch out for the "ONTHERIGHTSTUF.BIZ" virus


11 replies to this topic

#1 Crippled2013


Posted 10 February 2024 - 12:23 AM

There is a sneaky virus called ONTHERIGHTSTUF.BIZ that will change the icon of the folder it's in that will say TDS and will change the thumbnail on some of the files in that folder in Linux. If you search for ONTHERIGHTSTUF.BIZ it will try to install an extension in your browser. Make sure you decline to install any extension that pops up when you search for ONTHERIGHTSTUF.BIZ to see what it is. ClamTK couldn't detect it but I searched for it manually and I deleted the infected file to get rid of it. This happened running MX Linux so who knows what will happen with other operating systems if you get infected with that virus. 





#2 JohnnyBeeGood


Posted 10 February 2024 - 08:37 AM

Searches only come back to your post.



#3 Crippled2013


Posted 10 February 2024 - 11:11 AM

Searches only come back to your post.

DuckDuckGo shows it otherwise.

Which search engine did you use?


Edited by Crippled2013, 10 February 2024 - 11:13 AM.


#4 cryptodan


Posted 10 February 2024 - 12:45 PM


Searches only come back to your post.

DuckDuckGo shows it otherwise.
Which search engine did you use?

Nothing on DDG, so can you share more info?

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop - https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server - https://termbin.com/zvra


#5 Crippled2013


Posted 10 February 2024 - 02:30 PM

This is what I get. I won't click on it to go further because I don't want to get reinfected again.

Screenshot-2024-02-10-14-14-41.png


Edited by Crippled2013, 10 February 2024 - 03:14 PM.


#6 cryptodan


Posted 10 February 2024 - 02:48 PM

Oh, I was expecting a massive news article on it or a threat alert from like FireEye or Mandiant.



#7 Crippled2013


Posted 10 February 2024 - 03:11 PM

No second-hand or third-hand or more-hands information here. Just first-hand information on it. I guess FireEye or Mandiant don't know about it because of how new it is. By the way, thank you for posting about FireEye and Mandiant because I never heard about those two.



#8 cryptodan


Posted 10 February 2024 - 03:18 PM

There are others, and I may just run this with Wireshark and see what it does in Linux in a browser.



#9 Dominique1


Posted 10 February 2024 - 03:18 PM

No Data Found

Looks like the domain name has been taken offline, or has never existed. Maybe the bad actors have attempted to create a Google search buzz from nothing.



#10 JohnnyBeeGood


Posted 10 February 2024 - 05:23 PM

I used Google and still get the same result.....only your post.

 

And your screenshot shows it couldn't be found.


Edited by JohnnyBeeGood, 10 February 2024 - 05:27 PM.


#11 JohnnyBeeGood


Posted 10 February 2024 - 06:18 PM

DuckDuckGo shows it otherwise.

 

Not on my computer. Just your post.

And when I use quotation marks, only one link, Bleeping Computer.



#12 quietman7


Posted 10 February 2024 - 09:04 PM

I found bogus removal guides for Obisthatitgi.biz, Testraightphe.biz, Nthisareai.biz on Yandex. ONTHERIGHTSTUF.BIZ appears to be yet another one similar to these but no articles have been written for it yet.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
