Saturday, April 3, 2010

turatii.ro Total threats on this site: 3687

http://safeweb.norton.com/report/show?url=http:%2F%2Fwww.turatii.ro%2Findex.php%3Ffunc=articol%26domeniu=4x4%20on%20Road%26articol=465

Threat Report
Total threats found: 3687


Security Risks
Threats found: 3655
Here is a sample:


Drive-By Downloads
Threats found: 32
Here is a sample:


1 comments:

tux said...

Code injection is fun!
Check out the source pages. On line 12 you'll find a JavaScript with some encrypted chars at the end. No use trying to decrypt, simply replace the document.write() call with an alert() and run it. An alert window will pop up with the unencrypted code: 'http://xxx.sacaschool.com/15//index.php" width=1 height=1 style="display:none"'
Looks like a trojan is supposed to download from there, but I found nothing. Guess it's a pretty old exploit (2008). Still though, good job.
