Closed Bug 494385 Opened 15 years ago Closed 15 years ago

www.Gumblar.cn is a website is listed to be suspicious and contains several exploit scripts and trojans that might harm and infect computers.

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Platform:
All
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: hariprabhas, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

most of website is hacked and edited its pages , html, php pages, and javascript codea also. We edited uploads all the pages, bt in mozilla its shows the attacked website link gumblar.com. all other browser shows exact pages of original website.Once i uninstall and reinstall the Mozilla Browser, then the problem is solved but once again i chkd gumblar.cn in mozilla, the problem comes again. 

I think Gumblar.cn is attacked the mozilla browser also

so pls do the needfull   

         

Reproducible: Sometimes
I don't understand what you're requesting here. Our malware protection is based on data from Google, and according to them this site it hosting malicious code. If you click the "why was this site blocked" button you get

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.gumblar.cn/

At the bottom are steps you can take if you think this site is on the list incorrectly (such as after you cleaned up infected files, if that's what you're trying to say you've done).

I can't currently reach the site, though. Don't know if it's down or if the network between here and there is blocked. If Google can't reach the site to rescan it I don't think they'll take it off the list.

Invalid? I don't know what "the needfull" is.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Component: Build Config → Phishing Protection
QA Contact: build.config → phishing.protection
I can reach the site:

phishing protection is working and did block the site.  the following additional information is available from  google.

What is the current listing status for gumblar.cn?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 6 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-05-22, and the last time suspicious content was found on this site was on 2009-05-22.

    Malicious software includes 5878 scripting exploit(s), 41 trojan(s).

    This site was hosted on 2 network(s) including AS42831 (UKSERVERS), AS10439 (CARI).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, gumblar.cn did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    Yes, this site has hosted malicious software over the past 90 days. It infected 14728 domain(s), including sangsangmadang.com/, wz114.com/, wanted.az/.

How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

    * Return to the previous page.
    * If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
(In reply to comment #2)
> I can reach the site:
> 
> phishing protection is working and did block the site.  the following
> additional information is available from  google.

We check the blocklist and display the warning before trying to load the site. If you click the "Ignore this warning" link do you reach it? I don't from home or work. Ditto for a command-line wget: "unable to resolve host address 'www.gumblar.cn'"
I haven't been able to get all the way to the site if I click on Ignore this warning.  I agree it looks like the site has been taken down.
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.