Author Topic: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP  (Read 5327 times)

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« on: July 01, 2010, 08:42:04 PM »
Hi :)

I tried to visit our torrent site called wxxw.Partis.si but Avast found a virus on this page.

Virus: http: //ads.partis.si/www/delivery/afr.php?zoneid=4&source=_blank&cb=<%=%20rand(1000)%20%>|>{gzip} [L] HTML:Iframe-inf (0)

If you open the same website with Mozilla and Flock (with NS, AB...), Avast won't find a virus.

Virustotal: http://www.virustotal.com/analisis/085ece44f81cc9cb83e8bf0a9ee724ae516d2ced83ffb9bdbe90fc49561552dd-1278009261


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #2 on: July 01, 2010, 09:30:32 PM »
Well I can't get in to check it out as it requires that you are registered, not to mention I can't read the language.

However, since this is ads related there is a move where ads poisoning is becoming more prevalent. See http://blog.avast.com/2010/02/18/ads-poisoning-%e2%80%93-jsprontexi/.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #3 on: July 01, 2010, 09:52:37 PM »
Hi DavidR and Pondus,

Attached scan report for this site, then check it out:
htxp://jsunpack.jeek.org/dec/go?report=5e4108e6ab81b1368d2b1b6416a0c9586d942153
htxp://jsunpack.jeek.org/dec/go?report=a8efddfa17356b62bf277c9167c25ff603eab249
htXp://jsunpack.jeek.org/dec/go?report=817cbe6b6400636b28e05287f7b28dfca27e94c1

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #4 on: July 01, 2010, 10:48:53 PM »
Hi Pondus,

About your recent downthem all analysis question, check the cache of this page, else you won't see it: htxp://webcache.googleusercontent.com/search?q=cache:ianycP-2efQJ:www.astalavista.com/index.php%3Fapp%3Dmailinglists%26do%3Dview%26mid%3D1%26id%3D90401+7FtuQd8!90%3B0!+0%3Bgy~t%3Fg%3Edg%3Edbu~tcKyMK%24M%3Eaeubi%3E|u~wdx%2Brbuq&cd=8&hl=en&ct=clnk

polonus
« Last Edit: July 01, 2010, 11:10:53 PM by polonus »

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #5 on: July 01, 2010, 10:55:48 PM »
Hi DavidR and Pondus,

Attached scan report for this site, then check it out:
htxp://jsunpack.jeek.org/dec/go?report=5e4108e6ab81b1368d2b1b6416a0c9586d942153
htxp://jsunpack.jeek.org/dec/go?report=a8efddfa17356b62bf277c9167c25ff603eab249
htXp://jsunpack.jeek.org/dec/go?report=817cbe6b6400636b28e05287f7b28dfca27e94c1

pol


I read this report but I didn't understand anything :D Can you tell me what the point of this report is and if Partis really contains a virus?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #6 on: July 01, 2010, 11:08:22 PM »
Hi JuninhoSlo,

Not given all clearance, as DavidR remarks, I think it can be considered benign, as avast flags it, it could be malware. Do refrain from visiting until it is cleared...

polonus
« Last Edit: July 01, 2010, 11:29:31 PM by polonus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #7 on: July 01, 2010, 11:22:14 PM »
Unfortunately, I don't think this one is so easy to analyse/replicate if it is, as I suspect, ads poisoning, as there is no real way to get at the original ad delivered by the hXXp: //ads.partis.si/www/delivery/afr.php page and rand selection.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: HTML:Iframe-inf(www.partis.si) IE8 Virus-FP
« Reply #8 on: July 01, 2010, 11:32:23 PM »
Hi DavidR,

My posting now reads accordingly. Agree with you there, and the Sucuri report is not giving any info on eventual malcode, it is not blacklisted there, but as you say there is a new online malware wave rising, so keep those avast shields up, my friends,

polonus