MTNL Delhi's Triband Usage site calling a Chinese domain?

  • Thread starter: boygr8
  • Replies: 30
  • Views: 8,399
Code:
echo "GET / HTTP/1.1" | telnet register.bol.net.in 80
will do that on Win 😉
 
OHHHHHHHHH!!

I accessed the site; it's showing the MTNL page, but my squid logs show access to:
http://6688.89111.cn
http://ww3.tongji123.com

So boygr8 is right... something is fishy!!
Yeah, these were the addresses I noted in the status bar of Opera too.

Now the site is not opening at all... maybe MTNL has pulled it down.
 
I already succeeded LOL. But I guess that site was not very harmful, as it was just calling an iframe and the login page seemed to be untouched or unaltered.
 


So is it safe to log in? Oh, I just logged in; guess what, there's a new entry for fixed IP address.
 
In all this hoopla, has anybody run a whois on those domains / sites? Please do paste it here. Must be interesting. Who is hosting those mysterious sites?

Also, the MTNL site doesn't use HTTPS to log in. Only HTTP. So your username / password is being sent in clear text over the internet 😛

Do ya feel lucky punk???? Hehehe 😛


Update:

Look at these links guys! It might be possible that the MTNL site is INFECTED!!!

Another malware pulls an Italian job -  TrendLabs | Malware Blog - by Trend Micro
Slashdot | Malware Pulls an "Italian Job"
Websense® - Security Labs Alert: Large scale European Web Attack
 
Don't know... but 3 lakh PCs on 2 Mbps connections are like gold for any spammer. Even if 10% of these are running without the latest patches, then it's a good way to pwn those. Basically this site "might" be trying to infect PCs through browser-based downloads. Quite easy if the version of FF or IE is not recent.
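
The check posters in this thread did by hand (status bar, squid logs) can be automated by listing every embedded resource a page pulls from a host outside the site's own domain. This is an added example, not code from any post in the thread; the sample HTML is constructed, and treating `bol.net.in` as the only legitimate domain suffix is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src makes the browser fetch and render or execute remote content.
EMBED_TAGS = {"iframe", "frame", "script", "embed"}

class EmbedCollector(HTMLParser):
    """Collects (tag, src) pairs for every embedding tag in a document."""
    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        if tag in EMBED_TAGS:
            src = dict(attrs).get("src")
            if src:
                self.embeds.append((tag, src.strip()))

def host_allowed(host, allowed_suffixes):
    # Match on a label boundary so "bol.net.in.example.test" is NOT accepted.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)

def offsite_embeds(page_url, html, allowed_suffixes):
    """Return (tag, host, absolute_url) for embeds served from other domains."""
    collector = EmbedCollector()
    collector.feed(html)
    findings = []
    for tag, src in collector.embeds:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        host = urlsplit(absolute).hostname or ""
        if host and not host_allowed(host, allowed_suffixes):
            findings.append((tag, host, absolute))
    return findings

# Constructed sample page: only the two off-site hostnames come from the thread.
PAGE_URL = "http://register.bol.net.in/"
SAMPLE_HTML = """
<html><body>
<script src="/js/menu.js"></script>
<form action="login" method="post"><input name="user"></form>
<iframe src="http://6688.89111.cn"></iframe>
<iframe src="//ww3.tongji123.com"></iframe>
<iframe src="http://bol.net.in.example.test/x"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, host, url in offsite_embeds(PAGE_URL, SAMPLE_HTML, ("bol.net.in",)):
        print(f"off-site <{tag}> -> {host} ({url})")
```

Run against a saved copy of a page, a non-empty result on a login page is a reason to stop and investigate before entering credentials.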
 
