Author Topic: www.pajacyk.pl (Read 7331 times)

piwko · « **on:** February 22, 2009, 07:58:10 PM »

i enter this site (i have this site on home site) and i see: virus :/

DavidR · « **Reply #1 on:** February 22, 2009, 08:17:21 PM »

There is a very large block of script at the bottom of the page source for wXw.pajacyk.pl. just before the closing Body tag, this is outside any of the other page formatting tags, etc.

This looks suspicious because of its location and also that the scripting itself appears to be obfuscated (disguised). The script tag also doesn't state what type of script it is, e.g. what script language, this doesn't conform with HTML standards, which the other scripts on this page do. Given that what this script also tries to hid what it is doing, unlike the other scripts on the page, so to me this is suspicious.

So this page might have been hacked and this code inserted.

I take it that this is the alert that you got, see image.

polonus · « **Reply #2 on:** February 22, 2009, 11:08:12 PM »

Hi piwko,

Could well be but here I give you more recent results:

Exploit Prevention Lab's LinkScanner: Congratulations! LinkScanner Online did not find any exploits.
////////////////////////////////////////////////////////////
DrWeb's av link checker:
Checking: hxxp://www.pajacyk.pl
Engine version: 5.0.0.12182
File size: 8593 bytes

hxxp://www.pajacyk.pl - archive HTML
>hxxp://www.pajacyk.pl/Script.0 - Ok
>hxxp://www.pajacyk.pl/Script.1 - Ok
>hxxp://www.pajacyk.pl/Script.2 - Ok
>hxxp://www.pajacyk.pl/Script.3 - Ok
>hxxp://www.pajacyk.pl/Script.4 - Ok
>hxp://www.pajacyk.pl/Script.5 - Ok
>hxxp://www.pajacyk.pl/Script.6 - Ok
hxxp://www.pajacyk.pl - Ok

Checking: hxxp://www.pajacyk.pl/js/swfobject.js
File size: 6351 bytes

hxxp://www.pajacyk.pl/js/swfobject.js - Ok

Checking: hxxp://idm.hit.gemius.pl/pp_gemius.js
File size: 4883 bytes

hxxp://idm.hit.gemius.pl/pp_gemius.js - Ok

Checking: hxxtp://www.pajacyk.pl/js/funkcje.js
File size: 1231 bytes

hxxp://www.pajacyk.pl/js/funkcje.js - Ok
////////////////////////////////////////////////////////////////////
Norton Safe Web:
hxxp://safeweb.norton.com/report/show?url=www.pajacyk.pl&x=4&y=9
/////////////////////////////////////////////////////////////////////////////////
And also finjan, WOT, McAfee SiteAdvisor and Scandoo,

polonus

kubecj · « **Reply #3 on:** February 22, 2009, 11:40:30 PM »

Pretty confident this is a malware. It's everywhere $:-\$ We've seen about 1500 infected unique domains (more than 900 from Poland).

polonus · « **Reply #4 on:** February 22, 2009, 11:50:07 PM »

Hi kubecj,

Not gonna argue with you there, that avast shield is pretty good, glad as an avast user and avast evangelist to have it.
Anyway as these kind of infections is the main infection vector now, visiting websites that are injected with something malicious or re-directing to it can be dangerous, especially so as we cannot rely on the average link scanners all the time, so thanks for your confirmation, better safe than sorry!
These detections gonna be a grand additional benefit for the users of the avast av solution,

polonus

Lisandro · « **Reply #5 on:** February 22, 2009, 11:53:11 PM »

Quote from: kubecj on February 22, 2009, 11:40:30 PM

Pretty confident this is a malware.

Polonus, nowadays, Dr. Web and link scanners are far far far behind avast on detection...

kubecj · « **Reply #6 on:** February 22, 2009, 11:54:28 PM »

Most funny (or tragic) is that the domains are the same, just the malware changes. The admins are completely unaware and if they eventually 'fix' it, it usually mean re-uploading, and then re-infecting.

Author Topic: www.pajacyk.pl (Read 7331 times)

piwko

www.pajacyk.pl

DavidR

Re: www.pajacyk.pl

polonus

Re: www.pajacyk.pl

kubecj

Re: www.pajacyk.pl

polonus

Re: www.pajacyk.pl

Lisandro

Re: www.pajacyk.pl

kubecj

Re: www.pajacyk.pl