Author Topic: www.5dd.com opens in Chinese


REDACTED

  • Guest
www.5dd.com opens in Chinese
« on: August 06, 2015, 04:05:45 AM »
Whenever I enter a Microsoft Office 2010 365 product & hit "Manage Account" the website that opens is https://login.live.com/login...    as well as www.5dd.com (Chinese).   Is this a virus that Avast should find?

Thanks,
Lara

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not an avast user
Re: www.5dd.com opens in Chinese
« Reply #1 on: August 06, 2015, 07:59:11 AM »
we can check ......

follow instructions here  https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs .... 3 logs total

below the box you write in here, see Attachments and other options


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33915
  • malware fighter
Re: www.5dd.com opens in Chinese
« Reply #2 on: August 06, 2015, 02:51:37 PM »
Break that link to htxp://www.5dd.com like with wXw.5dd.com please as the site may have been compromised.
A drive-by-download threat has been found and WAF/2.0 could have been circumvented.
Read: http://blog.ptsecurity.com/2009/11/another-fine-method-to-exploit-sql.html

While third-party scanning this website I received three warnings:
https://asafaweb.com/Scan?Url=www.5dd.com
— 首页 (Home page) denotes a linked-in site in Chinese, as the website is based in China.
Quote
Currency Fu Bao is a professional integrated electronic payment and settlement platform, committed to providing secure, convenient payment solutions for merchants in the industry, and to providing consumers with simple, pleasant and comprehensive electronic payment services.
This is a China Telecom website -> http://whois.domaintools.com/5dd.com

I get a fail for one of the name servers not responding: http://www.dnsinspect.com/5dd.com/1438863756
mail server issues:
Reverse Entries for MX records.
Accepts Abuse Address
WARNING: Found mail servers which are not accepting emails to abuse@5dd.com address:
mxbiz1.qq.com.
>> MAIL FROM: <dnsreport@dnsinspect.com>
<< 250 Ok
>> RCPT TO: <abuse@5dd.com>
<< 550 Mailbox not found. -http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000728
mxbiz2.qq.com.
>> MAIL FROM: <dnsreport@dnsinspect.com>
<< 250 Ok
>> RCPT TO: <abuse@5dd.com>
<< 550 Mailbox not found. -http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000728

Nothing wrong with the various bank links from inside the code, like: http://toolbar.netcraft.com/site_report?url=http://bank.ecitic.com

There is, however, an osCommerce hack known for an exploitable -lib/jquery.min.js; minified jQuery is a possible vector, as such code is not reviewed very often and therefore there may be security risks involved.

DOM XSS vuln.: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.5dd.com%2FScripts%2Fsetinfor.js+
going through htxp://www.statcounter.com/counter/counter.js with a Dating Websites banner with a cross-site scripting vulnerability.
Site has the all green here: https://urlquery.net/report.php?id=1438864653872

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
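The DOM XSS finding polonus reports for setinfor.js comes from a static source-to-sink check: a scanner looks for attacker-influenced DOM values (location.hash, document.referrer and the like) flowing, directly or through variables, into HTML- or script-executing sinks (innerHTML, document.write, eval). The following is an added example of that triage, written for this thread and not code from the forum, from domxssscanner.com or from the 5dd.com site; the JavaScript it scans is a constructed sample that only loosely imitates a page-info script, and the source and sink lists are deliberately short. It assumes one statement per line and does not follow data through function calls.

```python
import re

# Attacker-influenced DOM sources and HTML/JS-execution sinks: a constructed,
# deliberately small list (real scanners use far more patterns).
SOURCES = [
    r"\blocation\.(?:hash|search|href)\b",
    r"\bdocument\.(?:URL|referrer)\b",
    r"\bwindow\.name\b",
]
SINKS = {
    "innerHTML": r"\.innerHTML\s*=(?!=)",
    "outerHTML": r"\.outerHTML\s*=(?!=)",
    "document.write": r"\bdocument\.write(?:ln)?\s*\(",
    "eval": r"\beval\s*\(",
    "insertAdjacentHTML": r"\.insertAdjacentHTML\s*\(",
}
# "var x = <expr>" or "x = <expr>" at the start of a line (one statement per line assumed)
ASSIGN = re.compile(r"^\s*(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$")


def _is_tainted(expr, tainted):
    """True if expr references a DOM source or an already-tainted variable."""
    if any(re.search(p, expr) for p in SOURCES):
        return True
    return any(re.search(r"\b%s\b" % re.escape(v), expr) for v in tainted)


def tainted_variables(js_text):
    """Propagate taint through simple assignments until a fixpoint is reached."""
    lines = js_text.splitlines()
    tainted = set()
    changed = True
    while changed:
        changed = False
        for line in lines:
            m = ASSIGN.match(line)
            if m and m.group(1) not in tainted and _is_tainted(m.group(2), tainted):
                tainted.add(m.group(1))
                changed = True
    return tainted


def find_dom_xss(js_text):
    """Return [(line_no, sink_name, expression)] for every sink fed by tainted data."""
    tainted = tainted_variables(js_text)
    findings = []
    for n, line in enumerate(js_text.splitlines(), 1):
        for name, pattern in SINKS.items():
            m = re.search(pattern, line)
            if m and _is_tainted(line[m.end():], tainted):
                findings.append((n, name, line[m.end():].strip().rstrip(";")))
    return findings


# Constructed sample script; it is NOT the real setinfor.js from the site.
SAMPLE_JS = """\
// constructed sample script (not the real setinfor.js)
var q = location.search.substring(1);
var name = decodeURIComponent(q.split('=')[1]);
document.getElementById('greet').innerHTML = 'Welcome ' + name;
document.getElementById('greet2').textContent = 'Welcome ' + name;
document.write('<a href="' + document.referrer + '">back</a>');
var count = 5;
document.getElementById('n').innerHTML = count;
"""

if __name__ == "__main__":
    print("tainted:", sorted(tainted_variables(SAMPLE_JS)))
    for line_no, sink, expr in find_dom_xss(SAMPLE_JS):
        print("line %d: %s <- %s" % (line_no, sink, expr))
```

Lines 4 and 6 of the sample are flagged (query string into innerHTML, referrer into document.write); line 5 is the hardened form of line 4, since textContent never parses markup, and line 8 writes an untainted constant, so neither is reported. The regex approach is a triage aid only: it misses flows through function parameters and will report a sink fed by a variable that was sanitised on the way, so each hit still has to be confirmed by hand.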
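The dnsinspect "Accepts Abuse Address" warning in polonus's post is produced by a plain SMTP conversation: connect to each MX, send MAIL FROM, then RCPT TO:<abuse@domain>, and treat anything other than a 2xx reply to the RCPT as "abuse@ is not accepted" (RFC 2142 expects that mailbox to exist). Below is an added example of that probe, written for this thread and not dnsinspect's or Avast's code. The canned replies are a constructed replay that mirrors the shape of the transcript quoted above (250 to MAIL FROM, 550 to RCPT TO); the host names, the example.test domain and the probe sender address are assumptions. The SocketTransport class is the same two-method interface over a real TCP connection and is not exercised here.

```python
import socket


class ReplayTransport:
    """Offline fake MX: hands back canned reply lines and records what we sent."""

    def __init__(self, replies):
        self.replies = list(replies)
        self.sent = []

    def send(self, data):
        self.sent.append(data)

    def recv_line(self):
        return self.replies.pop(0) if self.replies else ""


class SocketTransport:
    """Real TCP/25 transport with the same interface (needs network; not used below)."""

    def __init__(self, host, port=25, timeout=10):
        self.sock = socket.create_connection((host, port), timeout)
        self.reader = self.sock.makefile("r", encoding="ascii", errors="replace")

    def send(self, data):
        self.sock.sendall(data.encode("ascii"))

    def recv_line(self):
        return self.reader.readline().rstrip("\r\n")


def read_reply(transport):
    """Read one SMTP reply, including 'NNN-' continuation lines; return (code, lines)."""
    lines = []
    while True:
        line = transport.recv_line()
        if not line:
            raise ConnectionError("connection closed mid-reply")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":  # 'NNN ' (or a bare 'NNN') ends the reply
            break
    return int(lines[-1][:3]), lines


def probe_abuse_mailbox(transport, domain, mail_from, helo="probe.example"):
    """Walk EHLO / MAIL FROM / RCPT TO abuse@domain and record each reply code.
    Stops at the first 4xx/5xx so later steps are not misreported, then always QUITs."""
    result = {"banner": read_reply(transport)[0]}
    steps = [
        ("ehlo", "EHLO %s" % helo),
        ("mail_from", "MAIL FROM:<%s>" % mail_from),
        ("rcpt_to", "RCPT TO:<abuse@%s>" % domain),
    ]
    for name, command in steps:
        transport.send(command + "\r\n")
        code, _ = read_reply(transport)
        result[name] = code
        if code >= 400:
            break
    transport.send("QUIT\r\n")
    result["accepts_abuse"] = result.get("rcpt_to") in (250, 251)
    return result


# Constructed replay modelled on the transcript in the post:
# MAIL FROM accepted (250), RCPT TO abuse@ rejected (550).
REJECTING_MX = [
    "220 mx.example.test ESMTP",
    "250 mx.example.test",
    "250 Ok",
    "550 Mailbox not found.",
    "221 Bye",
]
# A constructed compliant MX that accepts abuse@; its multi-line EHLO reply
# exercises the 'NNN-' continuation handling.
ACCEPTING_MX = [
    "220 mx.example.test ESMTP",
    "250-mx.example.test",
    "250 SIZE 10240000",
    "250 Ok",
    "250 Ok",
    "221 Bye",
]

if __name__ == "__main__":
    for label, replies in (("rejecting", REJECTING_MX), ("accepting", ACCEPTING_MX)):
        transport = ReplayTransport(replies)
        print(label, probe_abuse_mailbox(transport, "example.test", "probe@example.test"))
```

The RCPT result is only meaningful when MAIL FROM succeeded, which is why the loop stops at the first error code instead of blindly sending the next command. A 550 at RCPT means what the dnsinspect report says: the MX knows the domain but has no abuse@ mailbox, so a compromise notice sent there will bounce and the site owner has to be reached by other means (WHOIS contacts or the hosting provider).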