Avast WEBforum

Other => General Topics => Topic started by: Chris Thomas on March 30, 2011, 09:09:25 PM

Title: Is this site hacked?
Post by: Chris Thomas on March 30, 2011, 09:09:25 PM
I read manga, but this is a spoiler site where I find spoilers... I guess it was a good site, but when I checked today, I think it is hacked.

hxxp://www.mangaspoiler.com/

Avast didn't stop it but thanks to NoScript

Edit : Sorry, I cleared my Firefox cache, and the redirection thing is gone.

I was redirected to some fake AV page

Title: Re: Is this site hacked?
Post by: bob3160 on March 30, 2011, 09:20:57 PM
If you suspect an infection, please don't post a live link.
Title: Re: Is this site hacked?
Post by: danny96 on March 30, 2011, 09:24:43 PM
Virustotal results say it's clear

Website report
http://www.virustotal.com/url-scan/report.html?id=a0ac5f77e36a99f1e2cb813dc709337f-1301505752

Index.html scan
http://www.virustotal.com/file-scan/report.html?id=3b7152f345c6b869bca4d2bbd25740bd1bfa8b79eca6e462ce9bc86b76ec3fe4-1301512956

Norton SafeWeb says it's clear as well
http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.mangaspoiler.com%2F

I think it's an FP from NoScript
Title: Re: Is this site hacked?
Post by: Pondus on March 30, 2011, 09:33:22 PM
This should have been posted in the Virus and Worms section


Infected with Malware entry: MW:HTA:7
http://sucuri.net/malware/malware-entry-mwhta7

see screen shot
Title: Re: Is this site hacked?
Post by: bob3160 on March 30, 2011, 09:34:06 PM
Danny,
I've also checked the site but it is still safest if you aren't sure about a site
to not post the live link.
That way, if it turns out to be infected, you didn't put any one else in danger if they
accidentally clicked on the live link.
Code:
http://www.mangaspoiler.com/
Title: Re: Is this site hacked?
Post by: polonus on March 30, 2011, 09:55:13 PM
Fully agree with bob3160 here, munge that address so the unaware cannot click into malware, either by putting hxtp or wxw
or an extra space between http:// and www to break the live link.
Site has malware:
Sucuri free scan says:
web site:    
htxp://www.mangaspoiler.com/
status:
Site infected with malware. Suspicious conditional redirect, for details see: http://sucuri.net/malware/entry/MW:HTA:7
Quote
This attack uses the .htaccess file to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.
(source: sucuri)

Title:   
403 Forbidden
URL:   htxp://www.mangaspoiler.com
Redirects:    302 -> htxp://lessthenaseconddeal.com/in.php?n=6
Google:   Status Code:   403. Forbidden.
Redirects users to: htxp://lessthenaseconddeal.com/in.php?n=6
web trust: well see: http://www.mywot.com/en/scorecard/lessthenaseconddeal.com
and see: http://www.google.ru/support/forum/p/Web+Search/thread?tid=3f9126cf20326fe8&hl=en
Site not blacklisted,

That's all, folks,

polonus
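
A defender-side check for the kind of conditional .htaccess redirect that the Sucuri report above describes (added example, not part of the thread and not Sucuri's scanner). It assumes the conditions test the referrer or user agent, which the thread does not state; the sample file, host names and function name are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample .htaccess. Host names are placeholders, not values from the thread.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*(google|yahoo|bing)\\..*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*(msie|opera).* [NC]
RewriteRule ^(.*)$ http://redirect-target.example/landing [R=302,L]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.site.example/$1 [R=301,L]
ErrorDocument 404 /404.html
"""

# Assumption: server variables a visitor-dependent redirect would inspect.
VISITOR_VARS = ("HTTP_REFERER", "HTTP_USER_AGENT")


def find_conditional_redirects(text, own_hosts):
    """Flag RewriteRules that send visitors to a host outside own_hosts
    when a preceding RewriteCond inspects the referrer or user agent."""
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append(parts[1])  # the test string, e.g. %{HTTP_REFERER}
        elif directive == "rewriterule" and len(parts) >= 3:
            # hostname is None for relative substitutions, so those are skipped
            host = (urlparse(parts[2]).hostname or "").lower()
            tested = sorted({v for c in conds for v in VISITOR_VARS if v in c.upper()})
            if host and host not in own_hosts and tested:
                findings.append({"line": lineno, "target_host": host,
                                 "conditions": tested})
            conds = []  # RewriteCond lines apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for f in find_conditional_redirects(SAMPLE_HTACCESS, {"www.site.example"}):
        print("line %(line)d: redirect to %(target_host)s when %(conditions)s" % f)
```

A redirect that fires only for some visitors is also why one scanner can report a site clean while another reports it infected.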
Title: Re: Is this site hacked?
Post by: spg SCOTT on March 30, 2011, 10:31:23 PM
The less than a second deal page is one of the ones that does a fake scan...

It redirects to a .co.cc site, which then downloads a file called pcupdate107_2129.exe which avast doesn't detect.
http://www.virustotal.com/file-scan/report.html?id=482f36205c597255209a94a8790fe6a6308da0dd1464b2f94f219378bc5ba636-1301516385
Currently in the virus chest will send in a minute.

Not sure about the original site. Didn't get redirected when viewing on Ubuntu
Title: Re: Is this site hacked?
Post by: polonus on March 30, 2011, 10:47:59 PM
Nice find, spg SCOTT, but there is also a link there to: htxp://defender-kzwu.co.cc/scan1/188

URL analysis tool     Result
Firefox               Malware site
G-Data                Malware site
Google Safebrowsing   Malware site
hxtp://defender-kzwu.co.cc/scan1/188%20malware

which domain does not exist or is inaccessible :( says Netirk,

polonus

Title: Re: Is this site hacked?
Post by: Pondus on March 30, 2011, 10:50:44 PM
Quote
The less than a second deal page is one of the ones that does a fake scan...
But the downloaded Rogue is already detected by Malwarebytes - Trojan.FakeAlert
Title: Re: Is this site hacked?
Post by: Chris Thomas on March 30, 2011, 11:37:07 PM
I thought there was no malware. It is like, after I cleared the cache, I am not seeing the redirection. This has made me crazy. I thought my system was messed up instead, so I didn't think about changing http to hxxp.

I am now scanning with Malwarebytes and SuperAntiSpyware just to be on the safe side.

Thanks mod for doing it  ;)

Thanks guys for verifying........
Title: Re: Is this site hacked?
Post by: polonus on March 30, 2011, 11:45:01 PM
Hi Chris Thomas,

And you thanks for reporting, thanks to you reporting others are safe.
Stay safe and secure online is the wish of,

polonus
Title: Re: Is this site hacked?
Post by: Chris Thomas on March 30, 2011, 11:58:56 PM
Quote
Hi Chris Thomas,

And you thanks for reporting, thanks to you reporting others are safe.
Stay safe and secure online is the wish of,

polonus

 :)