MTNL delhi's Triband Usage site calling a chinese domain?

  • Thread starter: boygr8
  • Replies: 30
  • Views: 8,149
netfreak

Regulars
Messages
2,229
Location
NA
ISP
Airtel GPRS EDGE + VSNL
Code:
echo "GET / HTTP/1.1" | telnet register.bol.net.in 80
will do that on Win ;)
 
boygr8

Regulars
Messages
1,903
Location
NA
ISP
MTNL Broadband
OHHHHHHHHH!!

I accessed the site; it's showing the MTNL page, but my squid logs show access to:
http://6688.89111.cn
http://ww3.tongji123.com

So boygr8 is right.. something is fishy!!
Yeah, these were the addresses I noted in the status bar of Opera too.

Now the site is not opening at all... maybe MTNL has pulled it down
 
cyberwiz

Member since 2005
Messages
2,541
Location
Delhi
ISP
Jio Fiber @ 150 Mbps
Hmm..nothing suspicious here even after using GET..plain old MTNL page
 
amish

Star gazer
I got banned!
Messages
24,734
Location
Mumbai
ISP
MTNL Mumbai BB_600 @12mbps
Try and try till you succeed
 
cyberwiz

I transfer this responsibility to you.. Amish.. the saviour :p
 
amish

I already succeeded LOL. But I guess that site was not very harmful, as it was just calling an iframe and the login page seemed to be untouched or unaltered.
 


cyberwiz

Yeah, not much of a threat I guess..
 
boygr8

So is it safe to log in? Oh, I just logged in; guess what, there's a new entry for fixed IP address
 
amish

Should be safe to log in.
 
boygr8

And there's no entry for Night MB
 
max

Regulars
Messages
2,750
Location
NA
ISP
MTNL
In all this hoopla, has anybody run a whois on those domains / sites? Please do paste it here. Must be interesting. Who is hosting those mysterious sites?

Also, the MTNL site doesn't use HTTPS to login. Only HTTP. So your username / password is being sent in clear text over the internet :p

Do ya feel lucky punk???? Hehehe :p


Update:

Look at these links guys! It might be possible that the MTNL site is INFECTED!!!

Another malware pulls an Italian job -  TrendLabs | Malware Blog - by Trend Micro
Slashdot | Malware Pulls an "Italian Job"
Websense® - Security Labs Alert: Large scale European Web Attack
 
netfreak

They are after unpatched IE and FF. Those who have turned off Windows Update are screwed.
 
max

@netfreak, was my hunch correct?? or was it something else? :p
 
netfreak

Don't know.. but 3 lakh PCs on 2 Mbps connections are like gold for any spammer. Even if 10% of these are running without the latest patches, then it's a good way to pwn those. Basically this site "might" be trying to infect PCs through browser-based downloads. Quite easy if the version of FF or IE is not recent.
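
Added example, not part of the thread: a site owner or proxy admin can check a saved copy of a page for the kind of off-site iframe discussed above by listing every embedding tag whose host is outside the site's own domain. The markup below is constructed for illustration (the thread does not show the real page source); it reuses the two hostnames from the squid log, and the `www.bol.net.in` script URL and the allowed suffix are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch and render or run remote content.
EMBED_ATTRS = {"iframe": "src", "frame": "src", "script": "src", "embed": "src", "object": "data"}

# Constructed sample page, NOT the real MTNL markup.
SAMPLE_HTML = """<html><body>
<script src="/js/login.js"></script>
<form action="/login" method="post"><input name="user"></form>
<iframe src="http://6688.89111.cn/" width="0" height="0"></iframe>
<IFRAME SRC="http://ww3.tongji123.com/" style="display: none"></IFRAME>
<script src="http://www.bol.net.in/menu.js"></script>
</body></html>"""


class EmbedCollector(HTMLParser):
    """Collect (tag, absolute_url, hidden) for every embedding tag in a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        target = a.get(EMBED_ATTRS.get(tag))
        if not target:
            return  # not an embedding tag, or no URL on it
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.found.append((tag, urljoin(self.base_url, target), hidden))


def offsite_embeds(html, page_url, allowed_suffixes):
    """Return (tag, host, hidden) for embeds outside the page host and allowed domains."""
    page_host = urlsplit(page_url).hostname
    collector = EmbedCollector(page_url)
    collector.feed(html)
    flagged = []
    for tag, url, hidden in collector.found:
        host = urlsplit(url).hostname or ""
        ok = host == page_host or any(host == s or host.endswith("." + s) for s in allowed_suffixes)
        if not ok:
            flagged.append((tag, host, hidden))
    return flagged

if __name__ == "__main__":
    for hit in offsite_embeds(SAMPLE_HTML, "http://register.bol.net.in/", ["bol.net.in"]):
        print(hit)
```

A zero-size or `display:none` frame pointing off-site is the pattern worth alerting on; a visible third-party embed may be legitimate and only needs review.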
 
