kubotabooks.com may be bad?


traildust
05-11-2010, 04:31 PM
Normally I access the kubotabooks.com (http://kubotabooks.com/) site from work and print up the free manuals. I have always been a little cautious of this site because it requires a user to download and open a file from an unknown source.

Today I visited the site from home and instantly got a security message from Norton that it was an unsafe site :eek:

Clicked this link (http://safeweb.norton.com/report/show?url=kubotabooks.com) then this one (http://www.symantec.com/security_response/writeup.jsp?docid=2005-071322-4217-99&tabid=2) that explains why and was not all too surprised to find out trojans were detected.

If you download manuals or anything online, always scan the file with your antivirus before opening.

One never knows where evil lurks!


This is a summary of the trojan listed on Norton that was detected:


Name: PHP.RSTBackdoor
Type: Trojan Horse

This threat requires the file r57shell.php to run. This file may already be present or may be manually copied to the compromised computer by the attacker.

When PHP.RSTBackdoor is executed, it performs the following actions:

Creates the following files:


/tmp/bdpl
/tmp/back
/tmp/bd
/tmp/bd.c
/tmp/dp
/tmp/dpc
/tmp/dpc.c


Opens a back door via HTTP access. It allows the remote attacker to perform any of the following actions:


Execute shell commands on /bin/bash
Change file permissions
Delete files and directories
Upload files
Edit files
Find files
Show system information
Dump SQL database

Eric McCarthy
05-11-2010, 05:27 PM
AW LAWDY here we go with more technical mombojombo!

:D:D:D:D:D:D:D:D

Green Mountain Slim
05-11-2010, 05:32 PM
Scott,

Thanks for the heads up. I think I found similar warnings when I went there some time ago, but sometimes with my Internet provider you don't know when you might end up in the middle of the CIA database without warning.

:eek:

traildust
05-11-2010, 06:46 PM
AW LAWDY here we go with more technical mombojombo!

:D:D:D:D:D:D:D:D


You're kill'n me brother :rolleyes:

traildust
05-11-2010, 06:47 PM
Scott,

Thanks for the heads up. I think I found similar warnings when I went there some time ago, but sometimes with my Internet provider you don't know when you might end up in the middle of the CIA database without warning.

:eek:


Hey Slim, be careful you might end up on the no fly list :D

eserv
05-12-2010, 05:30 PM
Don't download any file from Kubotabooks that isn't a PDF file. There are two FLV files there now which contain spyware. I wonder who owns the site? I have tried uploading manuals to it and it won't accept them and I've tried contacting the site to no avail!
Ed

mskrekla
05-24-2010, 06:55 AM
I wonder who owns the site?
Ed

Registration Service Provided By: Free Web Hosting
Contact: sales@freehostia.com

Domain name: KUBOTABOOKS.COM

Registrant Contact:

David ONeil ()

Fax:
27 Hawker Ave
Belair, South Australia 5052
AU

Administrative Contact:

David ONeil (mail@alchemysa.com.au)
08 81321200
Fax:
27 Hawker Ave
Belair, South Australia 5052
AU

Technical Contact:

David ONeil (mail@alchemysa.com.au)
08 81321200
Fax:
27 Hawker Ave
Belair, South Australia 5052
AU

Status: Locked

Name Servers:
dns1.freehostia.com
dns2.freehostia.com

Creation date: 15 Feb 2008 00:35:39
Expiration date: 15 Feb 2011 00:35:39

traildust
05-24-2010, 11:38 PM
eserv, thank you for the added threat information - very scary!


mskrekla, great research! You have some pretty good info in there. I bet emailing those folks would probably end up with no response and spam from hell.

Service Dept Vic
06-02-2010, 08:48 PM
That site is now off line and unavailable.

Eric McCarthy
06-02-2010, 08:51 PM
I've said it before and I'll say it again,

AW LAWDY here we go with more technical mombojombo!

I'll go with Vic's answer of it's shut down and not working!

jms1989
06-05-2010, 08:53 PM
Normally I access the kubotabooks.com (http://kubotabooks.com/) site from work and print up the free manuals. I have always been a little cautious of this site because it requires a user to download and open a file from an unknown source.

Today I visited the site from home and instantly got a security message from Norton that it was an unsafe site :eek:

Clicked this link (http://safeweb.norton.com/report/show?url=kubotabooks.com) then this one (http://www.symantec.com/security_response/writeup.jsp?docid=2005-071322-4217-99&tabid=2) that explains why and was not all too surprised to find out trojans were detected.

If you download manuals or anything online, always scan the file with your antivirus before opening.

One never knows where evil lurks!


This is a summary of the trojan listed on Norton that was detected:


Name: PHP.RSTBackdoor
Type: Trojan Horse

This threat requires the file r57shell.php to run. This file may already be present or may be manually copied to the compromised computer by the attacker.

When PHP.RSTBackdoor is executed, it performs the following actions:

Creates the following files:


/tmp/bdpl
/tmp/back
/tmp/bd
/tmp/bd.c
/tmp/dp
/tmp/dpc
/tmp/dpc.c


Opens a back door via HTTP access. It allows the remote attacker to perform any of the following actions:


Execute shell commands on /bin/bash
Change file permissions
Delete files and directories
Upload files
Edit files
Find files
Show system information
Dump SQL database

This looks like a "trojan" for Linux systems. A script kiddie's attempt to gain back door access to a web server or such. Those running Windows machines are at no risk of this. Since most Linux servers are rarely rebooted, any files in /tmp could remain there for months, thus allowing the would-be cracker access to the machine. If you have a good antivirus, it will block any automated attempt to download it. So worries folks.
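
Added example (not part of any post in this thread, and not Symantec's code): a read-only check a server administrator could run for the artifact names given in the quoted PHP.RSTBackdoor summary, the seven /tmp files plus r57shell.php. The function names, the root-prefix argument and the web-root path are assumptions, and a hit on a generic name such as /tmp/back is a lead to investigate, not proof of compromise.

```shell
#!/bin/sh
# Added example: look for the PHP.RSTBackdoor artifacts named in the write-up.
# File names come from the quoted summary; function names, the root-prefix
# argument and the web-root argument are assumptions made for this sketch.

# Artifact names listed in the write-up, all created under /tmp.
RST_TMP_NAMES="bdpl back bd bd.c dp dpc dpc.c"

# Print one line per artifact found.
#   $1 = filesystem root prefix ("" for the live system, or a mounted image)
#   $2 = web root directory to search for the shell script itself
scan_rst_artifacts() {
    root=$1
    webroot=$2
    for name in $RST_TMP_NAMES; do
        path="$root/tmp/$name"
        # -e follows symlinks; -L also reports dangling symlinks.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf 'tmp-artifact %s\n' "$path"
        fi
    done
    # The write-up says the threat needs r57shell.php; -iname ignores case.
    if [ -d "$webroot" ]; then
        find "$webroot" -type f -iname 'r57shell.php' 2>/dev/null |
            while IFS= read -r f; do printf 'webshell %s\n' "$f"; done
    fi
}

# Echo the number of findings (0 when the tree is clean).
count_rst_artifacts() {
    scan_rst_artifacts "$1" "$2" | grep -c . || true
}

# Constructed demo tree: empty files carrying the listed names, no malware.
demo=$(mktemp -d)
mkdir -p "$demo/tmp" "$demo/var/www/uploads"
: > "$demo/tmp/bd.c"
: > "$demo/tmp/dpc"
: > "$demo/tmp/notes.txt"                    # unrelated file, not reported
: > "$demo/var/www/uploads/R57shell.php"     # case variant, still reported
scan_rst_artifacts "$demo" "$demo/var/www"
echo "findings: $(count_rst_artifacts "$demo" "$demo/var/www")"
rm -rf "$demo"
```

On a live host the call would be `scan_rst_artifacts "" /var/www`, with the web root adjusted to the server's own layout.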

alchemysa
07-02-2010, 01:07 AM
Hello Gentlemen

As the 'owner' of http://www.kubotabooks.com/ I can assure you there's nothing sneaky about it. It doesn't sell anything, store user details, or spam anyone. It's simply this amateur's attempt to provide a website that allows Kubota tractor owners (like me) to share copyright-free parts manuals. Most of these manuals had been freely available elsewhere but the existing 'free' internet storage libraries had proven unreliable, so I set up a dedicated (paid for!) website.

The reason the site is sometimes 'closed' is because the download demand is so large it sometimes exceeds my monthly 10G bandwidth allowance. I have now increased this to 15G, hence the recent addition of Google Ads that will hopefully offset the cost a little.

As far as I know, all of the PDFs on the site are 'safe'. (I've never heard of a virus being embedded in a PDF). But as I stress on the homepage some vandals have uploaded non-PDF files that are suspicious. I try to remove them regularly but fortunately, even if I miss them, they are easily recognised and avoided. (This is the drawback of providing a website that allows instant usability by anyone, without requiring constant housekeeping by me. Do you know of any similar sites?).

Most of these manuals have been uploaded by anonymous Kubota owners with the best of intentions but as I state on the homepage, they may not be the latest versions so use them with care.

'eserv'. If you couldn't upload a file it was probably too big. The limit I think is 10meg. And if you sent me an email it appears I did not receive it.

Cheers,
alchemysa.

eserv
07-02-2010, 07:29 AM
Thanks Alchemysa! A very good website you have there. 10 megs is a little small for Kubota tractor manuals, any chance you could increase it? Also, you could set up a PayPal account on there so folks could donate to it. I think you would be surprised what it would generate!
Ed