Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dangerous Website


  • Please log in to reply
12 replies to this topic

#1 Nathuman

Nathuman

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 19 January 2014 - 04:35 AM

Before visiting, just imagine the page uses scripts to hold you on the page until you paid- download firefox with firebug addon and open firebug on the page, then edit the source (delete all) and press enter. Now you can check this dangerous page without any risk ;)

idk where to submit this to be sure that the page can be deleted so im looking around in security forums to post this as an information.

 

hxxp://fyjfdtd.cyberwarriorshortages.info/movies/oyOpKoLstwzi5ICg16gWWIXzKgngnB14mW2BgIzIq9wzhHV/mUVQjOeJ_/RBJsZ6deaFcfV_/RU-0g-DTCkBR9JcA~~/ZTY1ZTk1MDc1Y2EyNjY0Yzk2ZDE3ZGNhMGVjY2RhNjM

 

As i said, READ before trying !


Edited by Nathuman, 19 January 2014 - 05:21 AM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:54 AM

Posted 19 January 2014 - 04:58 AM

Edit your Active link, and just name the site first -

 

I requested for a Moderator to remove it if you do not -



#3 Nathuman

Nathuman
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 19 January 2014 - 05:13 AM

what? idk how i should name this page its damn try-to-rip-off-your-money page -.-' i give you an explanation how to prevent to pay, its safe to visit it with my instructions mr :D



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:54 AM

Posted 19 January 2014 - 05:18 AM

Hi,

Please change the http to hxxp at the beginning of the link, this way nobody can click on it by accident.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 Nathuman

Nathuman
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 19 January 2014 - 05:19 AM

allright, done



#6 Pajajn

Pajajn

  • Members
  • 364 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:54 PM

Posted 19 January 2014 - 07:45 AM

It states "your pc has been surfing childpornography and will be locked untill paid"

and some advanced javascript code executes haven't been able to block it with one single excension i tried lol anyone knows how their code is written?



#7 Nathuman

Nathuman
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 19 January 2014 - 07:48 AM

thats the source extracted with firebug

Spoiler


close.php:

Spoiler


so if im right, the page just lays in 99 frames with a notify if you are sure to leave- frameblocker should break this 'system'

Edited by Nathuman, 19 January 2014 - 07:59 AM.


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:54 AM

Posted 19 January 2014 - 08:03 AM

Ah, this is browlock it seems. Malwarebtyes has a good question and answer page on this browser locker, it's good reading.

 

Also the html code used to create this is pasted here: http://pastebin.com/THRQ1Xp2

 

xXToffeeXx~


Edited by xXToffeeXx, 19 January 2014 - 08:40 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:54 PM

Posted 19 January 2014 - 09:00 AM

Just FYI...We do not allow the posting of active links to possible malware related sites to include links which may lead to sites where infections have been contracted and spread. If it is malicious, we don't want other members accidentally clicking on such a link and infecting their machines.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 HashX

HashX

  • Members
  • 106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:54 AM

Posted 19 January 2014 - 12:27 PM

I tried to access this link but for some reason the page didn't exist. I don't know why.

 

P.S.: Don't worry, I use an isolated PC- I'm not a noob


I don't always use Internet Explorer, but when I do, it's to download a different browser.

 


#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:54 AM

Posted 19 January 2014 - 12:34 PM

I tried to access this link but for some reason the page didn't exist. I don't know why.

 

P.S.: Don't worry, I use an isolated PC- I'm not a noob

Make sure you change the hxxp in the link to http if you are trying to access the page.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 HashX

HashX

  • Members
  • 106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:54 AM

Posted 19 January 2014 - 12:52 PM

 

I tried to access this link but for some reason the page didn't exist. I don't know why.

 

P.S.: Don't worry, I use an isolated PC- I'm not a noob

Make sure you change the hxxp in the link to http if you are trying to access the page.

 

xXToffeeXx~

 

 

Got it. Silly me.

Thanks


I don't always use Internet Explorer, but when I do, it's to download a different browser.

 


#13 AlexSmithFanning

AlexSmithFanning

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gardner, Kansas
  • Local time:07:54 PM

Posted 20 January 2014 - 05:45 PM

Does infect Linux still 


I prefer Linux. Windows 10 is just to invasive for me.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users