Ask HN: is the California state park website leading to malware?

4 points

7 years ago

California state parks use a reservation system that seems to be hacked by malware, by using a DNS typo masquerade, then tries to install Chrome extensions.

What do HN readers recommend to 1) stop the problem now, 2) protect the website for the future?

To reproduce:

1. Visit this California parks page: http://www.parks.ca.gov/?page_id=616

2. Notice the highlight text: "go to reservecaliforrnia.com to view available campsites" and see the misspelling with the extra "r".

3. Go to that misspelled domain name. It redirects to "gogetsplendidapps" and/or to prompt to install Chrome extension "Keep Safe Search". Google reports this as malware.

Update: I'm reporting the issue to the real website, and to the real domain name registrar.

What are approaches to terminate the hack website?

What are suggestions for long-term defense against this kind of attack? For example to install software for many users that would have blocked/refused the hack website?

5 comments

5 comments