Page 1 of 2

Trojan Warning on bncpj.org/supple-scoliosis-tingling-right-side-of-body/

Posted: Thu Dec 16, 2010 10:42 am
by Grandma_Cindy
"Report Attack Page" warning of dangerous trojan on this site:
bncpj.org/supple-scoliosis-tingling-right-side-of-body/

i have visit...

Posted: Thu Dec 16, 2010 11:02 am
by Guest
i have visit that page but nothing found..
even no warning was there...
Can u provide some screen shot ...
Need evidence rather than to believe in false claims...

Hp hosts

Posted: Thu Dec 16, 2010 11:25 am
by charrox
It is listed in hp hosts.
That is enough for me to rate it red
Here's the link.

http://hosts-file.net/?s=bncpj.org

-

Posted: Thu Dec 16, 2010 12:34 pm
by i☆
It looks harmless. I'm going to need some proof before I add my rating.

You should contact

Posted: Thu Dec 16, 2010 12:37 pm
by giedrius
You should contact hosts-file owner for removal from hp hosts. As any blacklist, the reasons for entering it might be expired, or it might be false positive.
At the moment I think that the URL you posted is a link with spam -submitted page.

The owner needs to clear them up

Posted: Thu Dec 16, 2010 1:00 pm
by charrox
Even though it looks harmless, the owner has the obligation to clear them up. It gives bad reputation.
Once it is cleared I will change my mind.

Re

Posted: Thu Dec 16, 2010 5:59 pm
by Guest
ViriusTotal report

http://www.virustotal.com/url-scan/report.html?id=87c34551955ac7ca2df0323cdf1d7b8e-1292518489

URL analysis tool Result
Firefox Clean site
G-Data Clean site
Google Safebrowsing Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site



Virustotal downloaded file analysis

http://www.virustotal.com/file-scan/report.html?id=b23a53b87ba5b362313713cfc9fca9d6db25c4abc144db78051c9b9236da1c4a-1292522094

Submission date:
2010-12-16 17:54:54 (UTC)
Current status:
queued (#146) queued (#146) analysing finished
Result:
0/ 43 (0.0%)

I'm going to visit that webpage and I shall update my post

Wait a minute . . . wait a minute

Posted: Thu Dec 16, 2010 8:04 pm
by Guest
@ charrox,

You mean you're rating based on listing in only one blacklist? Have you checked the site, and used WOT tools, and looked at other blacklists?

second chapter

Posted: Thu Dec 16, 2010 9:41 pm
by Guest
The Targeted webpage has been deleted or is unreacheable

[url=https://www.mywot.com'http://img404.imageshack.us/i/internalerror.jpg/' t='_blank']Image[/url]

Main Page

[url=https://www.mywot.com'http://img254.imageshack.us/i/cost.jpg/' t='_blank']Image[/url]

There is a PDF file, I have downloaded it and submitted to virustotal

http://www.virustotal.com/file-scan/report.html?id=1a653383f26474d4a8858c00a276d1bfd2518a8f8a5fd563abe2c59d7a98a1cb-1292523279

File name:
BNCPJleaflet.pdf
Submission date:
2010-12-16 18:14:39 (UTC)
Current status:
queued (#148) queued (#148) analysing finished
Result:
0/ 42 (0.0%)


Clean

when I click on merchandise I'm redirected to this site

cafepress.com/bncpj


[url=https://www.mywot.com'http://img138.imageshack.us/i/merchandiseg.jpg/' t='_blank']Image[/url]

Your main site looks clean

the second one has 4 webbugs and I have been also alerted by MalwareBytes AntiMalware IP Blocker (Firefox was trying to get connected to a malicious website)

@ OP Out of curiosity

You estimate the cost of some Wars in money
I thought Life had no price
and as my signature shows
"Freedom is not free"

Are you selling products in the name of what cause?

Thank you in advance for your reply


third chapter

Posted: Thu Dec 16, 2010 10:08 pm
by Guest
external links and scripts analyzed

cafepress.com

http://www.google.com/safebrowsing/diagnostic?site=www.cafepress.com

Malicious software includes 6 scripting exploit(s).

Suspicious

ustforeignpolicy.org

http://www.google.com/safebrowsing/diagnostic?site=www.justforeignpolicy.org

Clean

costofwar.com



http://www.google.com/safebrowsing/diagnostic?site=www.costofwar.com

Clean