Avast WEBforum
Other => General Topics => Topic started by: Chris Thomas on March 30, 2011, 09:09:25 PM
-
I read manga, but this is a spoiler site where i find spoilers....I guess it was a good site, but when i checked today, i think it is hacked.
hxxp://www.mangaspoiler.com/
Avast didn't stop it but thanks to NoScript
Edit : Sorry, I cleared my Firefox cache, and the redirection thing is gone.
I was redirected to some fake AV page
-
If you suspect an infection, please don't post a live link.
-
Virustotal results says it's clear
Website report
http://www.virustotal.com/url-scan/report.html?id=a0ac5f77e36a99f1e2cb813dc709337f-1301505752
Index.html scan
http://www.virustotal.com/file-scan/report.html?id=3b7152f345c6b869bca4d2bbd25740bd1bfa8b79eca6e462ce9bc86b76ec3fe4-1301512956
Norton SafeWeb says it's clear as well
http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.mangaspoiler.com%2F
I think It's FP from NoScript
-
This should have been posted in the Virus and Worms section
Infected with Malware entry: MW:HTA:7
http://sucuri.net/malware/malware-entry-mwhta7
see screen shot
-
Danny,
I've also checked the site but it is still safest if you aren't sure about a site
to not post the live link.
That way, if it turns out to be infected, you didn't put any one else in danger if they
accidentally clicked on the live link.
http://www.mangaspoiler.com/
-
Fully agree with bob3160 here, munge that address so the unaware cannot click into malware, either by putting hxtp or wxw
or an extra space between http:// and www to break the live link.
Site has malware:
Sucuri free scan says:
web site:
htxp://www.mangaspoiler.com/
status:
Site infected with malware. Suspicious conditional redirect, for details see: http://sucuri.net/malware/entry/MW:HTA:7
This attack uses the .htaccess file to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.
(source; sucuri)
Title:
403 Forbidden
URL: htxp://www.mangaspoiler.com
Redirects: 302 -> htxp://lessthenaseconddeal.com/in.php?n=6
Google: Status Code: 403. Forbidden.
Redirects users to: htxp://lessthenaseconddeal.com/in.php?n=6
web trust: well see: http://www.mywot.com/en/scorecard/lessthenaseconddeal.com
and see: http://www.google.ru/support/forum/p/Web+Search/thread?tid=3f9126cf20326fe8&hl=en
Site not blacklisted,
That's all, folks,
polonus
-
The less than a second deal page is one of the ones that does a fake scan...
It redirects to a .co.cc site, which then downloads a file called pcupdate107_2129.exe which avast doesn't detect.
http://www.virustotal.com/file-scan/report.html?id=482f36205c597255209a94a8790fe6a6308da0dd1464b2f94f219378bc5ba636-1301516385
Currently in the virus chest will send in a minute.
Not sure about the original site. didn't get redirected when viewing on ubuntu
-
Nice find, spg SCOTT, but there is also a link there to: htxp://defender-kzwu.co.cc/scan1/188
URL analysis tool Result
Firefox Malware site
G-Data Malware site
Google Safebrowsing Malware site
hxtp://defender-kzwu.co.cc/scan1/188%20malware
which domain does not exist or is unaccesible :( says Netirk,),
polonus
-
The less than a second deal page is one of the ones that does a fake scan...
But the downloaded Rogue is already detected by Malwarebytes - Trojan.FakeAlert
-
I though there was no malware. It is like, after i cleared the cache, i am not seeing the redirection. This has made me crazy.I though my system was messed up instead, so i didn't think about changing http to hxxp.
I am now scanning with Malwarebytes and SuperAntiSpyware just to be on the safe side.
Thanks mod for doing it ;)
Thanks guys for verifying........
-
Hi Chris Thomas,
And you thanks for reporting, thanks to you reporting others are safe.
Stay safe and secure online is the wish of,
polonus
-
Hi Chris Thomas,
And you thanks for reporting, thanks to you reporting others are safe.
Stay safe and secure online is the wish of,
polonus
:)