BSNL is inserting ads in websites, sending their users to malware sites through malware code injection

I created an account here for this matter. I am here to confirm that all Kerala circles are affected by this worm. Maybe it's a hacked server from BSNL, or they are doing it intentionally. A Node.js Express script is used to hijack that server. Maybe this hacker is getting thousands of dollars. We can also do it easily with BSNL servers.
 
We got a BSNL connection only recently, about 10 days ago. I did not notice these popups / hyperlinks for some time. But today I thought I must check. I am running Linux Ubuntu 18.04.
Most webpages that I open are just jumping off to naganodigei.com, which redirects to a random commerce website on its own. This is scary. Any information that I transmit on the web becomes compromised. What can I do to fix this? A Google search for naganodigei brought me to this page. Blocking popups in Chrome did not fix the problem. In fact they are blocked by default and I did nothing to change the status.

I have exactly the same problem with Firefox.
 
They seem to be tampering with JS links in page code. A friend of mine noticed that jQuery is one of the scripts being targeted.

There is no absolute solution but to use a VPN permanently. Any insecure site would result in the code injection.
 
HTTPS sites cannot be injected with ads. Also this redirection is intelligent and happens only sometimes. It is possible only on HTTP websites and that too randomly. Try using Google DNS 1: 8.8.8.8 or Google DNS 2: 8.8.4.4 (this does not help). Using the HTTPS Everywhere plugin does not help, nor does resetting Chrome data. It also happens on Firefox. But I found the solution:

1. Add the following entry to your system hosts file (C:\Windows\System32\drivers\etc\hosts) (admin rights required) :
Code:
127.0.0.1 decademical.com
127.0.0.1 mutualvehemence.com

You can also add these two URLs (not those IP addresses) in some URL Filter Block of your router etc.

2. Reboot your router and close all browsers.

By finding sources in the console (right click and press Inspect Element, then go to the tab according to the browser you use: Chrome -> Sources OR Firefox -> Debugger), I found this malware JS file coming from the above website. Once you add it to hosts, it will get blocked from access. Try and tell what happens. Will add more to the above list as I find them.
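
Added example (not written by any poster in this thread): the manual Sources/Debugger check described above, automated by comparing the scripts in a trusted copy of a page (fetched over HTTPS or a VPN) with the copy received over plain HTTP. The sample pages, the `site.example` host and the script path on decademical.com are constructed placeholders.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Collect external script locations and hashes of inline script bodies."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.external, self.inline = base_url, set(), set()
        self._buf = None  # list while inside an inline <script>, else None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                u = urlsplit(urljoin(self.base_url, src))
                # Ignore the scheme so HTTP and HTTPS copies compare equal.
                self.external.add((u.hostname or "") + u.path)
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.inline.add(hashlib.sha256(body).hexdigest())
            self._buf = None

def collect(html, base_url):
    parser = ScriptCollector(base_url)
    parser.feed(html)
    parser.close()
    return parser

def diff_scripts(trusted_html, observed_html, base_url):
    """Compare a trusted copy (HTTPS/VPN) with the copy seen over plain HTTP."""
    t, o = collect(trusted_html, base_url), collect(observed_html, base_url)
    return {"added": sorted(o.external - t.external),
            "removed": sorted(t.external - o.external),
            "new_inline": len(o.inline - t.inline)}

# Constructed sample pages; the script path on decademical.com is a placeholder.
TRUSTED = ('<html><head><script src="/js/jquery.min.js"></script>'
           '<script>var page = "home";</script></head><body>hi</body></html>')
OBSERVED = ('<html><head><script src="http://decademical.com/placeholder.js">'
            '</script><script>var page = "home";</script></head></html>')

if __name__ == "__main__":
    print(diff_scripts(TRUSTED, OBSERVED, "http://site.example/"))
```

Any host listed under `added` that the site itself does not use is a candidate for the hosts file or router URL filter.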
 
Hi, dembarto,
Kindly show how to add this line in the Windows hosts file.
I know how to access the hosts file, but please show how to add this line, so that it may be useful to all users to try.
Users may have different OS.
My Windows 7 hosts file may be different from others.
Please put # and where to add this 127.0.0.1, normally denoting your system IP.
I will then try and inform you.
Hi, dem, what about naganoadigei.com, which is the first redirect point, mainly on HTTP sites?
I found that IP belongs to the Netherlands, and whenever I click a link on HTTP sites, they ultimately try to load this website first.
I filtered this website, so the website tries to load, but by closing this tab you are back to the original site of the link you chose correctly.
I even sent this data to the BSNL office.
Hi, dem, could we add this website to the router control, so that we need not make these entries on each device? Mobile devices do not have any hosts file.
Expecting reply to this.
Edit: When I just copy the said website com and enter, I get to the Google start page.
Your efforts are appreciated.
Malwarebytes, supposed to be the best malware remover, does not capture this kind of injection inside web links.
When I checked the whois of the IP, it is amazon.com.
the image link is
itisamazon
Moreover, when I clicked yesterday's history, the same Google search, the result for the particular site, which has so many redirects and each time goes to some fake install websites, was not found among the first Google search items.
I am curious still more, dem.
I have added your suspicious com to my router filter and I will try some HTTP sites.
 


I updated my post and added a new website. The script is the same. Malwarebytes etc. do not know this problem as it is not yet reported to them (maybe). Also, when I blocked decademical.com, after a few hours this mutualvehemence.com started loading the same JS posted earlier. It is a BSNL problem most likely. I will use a VPN and tell results.

decademical.com and mutualvehemence.com both redirect to Google to show as if they do not exist. But if they did not exist, this redirection would not take place and the browser would show an error loading the page.

Adding the URLs directly to the URL filter has the same effect as adding them to the hosts file. Also notice if it happens on mobile when visiting some HTTP website using the same BSNL router connection.

Do not worry about your personal information being stolen. These websites cannot inject ads on HTTPS (secure) websites like Gmail or a bank website. I will report this to Kaspersky (I have a licensed version). No point in blocking those naganoadigei website...

EDIT : No redirection issues with VPN. This is a problem limited to BSNL (not yet sure). This is a new problem and has affected every BSNL user on PC only. My solution is just a temporary fix. IT IS IN HANDS OF BSNL TO FIX THIS OR NOT.
 
dem, even if we use public DNS like Google and Open, this is an annoying problem.
I discontinued Google DNS, as I found that it is giving access to some middle country server to randomly use your connection. I wrote in the Google forum and to Google. No response.
I use RouterCheck to check the router, and it has reported no problem with BSNL.
That application has a new concept of actual DNS, and through this actual DNS server I was able to find the usage of a foreign country's server on our connection.
I tried JavaScript blocking in Chrome, but no effect.
It is curious, but it attacks the web page when we go to the HTTP website. When you just click, before going to the browsing site, everything malicious, including downloads, is downloaded to our PC.
Please see my post on MVP hosts, which has included thousands of websites like the ones you mentioned. They add new suspicious websites quarterly.
I am also not sure about VPN, because, instead of Google, you are giving particulars to VPN servers.
The solution lies in restricting the access to your router and all websites becoming HTTPS.
Why do HTTP sites continue on the HTTP protocol? Does Google charge something for HTTPS websites?
The router filter, being the gateway of the internet connection, may altogether block those on all the connected devices. Is it not?
See this interesting article, where the author has mentioned how JavaScript attacks web pages and steals personal information from HTTP sites:
JavaScript Malware – a Growing Trend Explained for Everyday Users
 
