Topic: Site hacked with an injector so avast! Web Shield blocks JS:Defacement-M[Tr]

polonus
The marvelous avast! Web Shield, you cannot be without it, as will again be demonstrated here.

Read: http://wordpress.org/support/topic/hacked-with-an-injector-cant-get-rid-of-redirect
See it in action here: http://evuln.com/tools/malware-scanner/bigdoginlineinc.info/
Detected here: https://www.virustotal.com/nl/url/185c12c571863d925c273ea81cef60d86fb8f2705a620cfd0e56830388c40838/analysis/1386805454/

So avast! Web Shield blocks and detects site/|{gzip} as infected with JS:Defacement-M[Trj]
We have protection, folks, we have protection!

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Another example of malcode injection, still doing the rounds in various forms.
IDS alerted as "http_inspect: MULTIPLE ENCODINGS WITHIN JAVASCRIPT OBFUSCATED DATA"
Read about this here: http://www.binarytides.com/malware-injection-in-wordpress-websites/  -> http://www.snort.org/search/sid/120-11

Also see: http://forum.avast.com/index.php?topic=139300.0

pol