Author Topic: Is this site infected with JS/iFrame.aav being flagged? (Read 3199 times)

polonus · « **on:** October 27, 2011, 06:08:05 PM »

Hi my fellow url scanners, Pondus, Asyn, spg Scott, dim@rik, etc,

Avast does not detect or do the shields block this site, I think not?
See: http://www.virustotal.com/url-scan/report.html?id=c911b4f13168bed2ab2c26fbc56927a6-1319723113
Malware detected: http://www.virustotal.com/file-scan/report.html?id=3f157d0a13734782c2bd726354150eb83a078039558b8064477cfd75cfc5cff0-1319730319
Sucuri says site infected with known malware: http://sucuri.net/malware/malware-entry-mwjs159
See: http://urlquery.net/queued.php?id=6348
Site is flagged as unsafe by both Bitdefender's TrafficLight and M86 Security Secure Browsing
also infected is http://urlquery.net/queued.php?id=6350 suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold b621/85e481ea1aaebf8cab240c06131a2c081fee
hidden iFrame to spammer bot found: 1nvesttsmenttsclybs.info see: http://www.google.com/cse?cx=partner-pub-3489963851581974%3A19o09n-6ah5&ie=UTF-8&q=1nvesttsmenttsclybs.info&sa=Search#gsc.tab=0&gsc.q=1nvesttsmenttsclybs.info&gsc.page=1

polonus

REDACTED · « **Reply #1 on:** October 27, 2011, 07:14:58 PM »

Quote from: polonus on October 27, 2011, 06:08:05 PM

Hi my fellow url scanners, Pondus, Asyn, spg Scott, dim@rik, etc,

Avast does not detect or do the shields block this site, I think not?
See: http://www.virustotal.com/url-scan/report.html?id=c911b4f13168bed2ab2c26fbc56927a6-1319723113
Malware detected: http://www.virustotal.com/file-scan/report.html?id=3f157d0a13734782c2bd726354150eb83a078039558b8064477cfd75cfc5cff0-1319730319
Sucuri says site infected with known malware: http://sucuri.net/malware/malware-entry-mwjs159
See: http://urlquery.net/queued.php?id=6348
Site is flagged as unsafe by both Bitdefender's TrafficLight and M86 Security Secure Browsing
also infected is http://urlquery.net/queued.php?id=6350 suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold b621/85e481ea1aaebf8cab240c06131a2c081fee
hidden iFrame to spammer bot found: 1nvesttsmenttsclybs.info see: http://www.google.com/cse?cx=partner-pub-3489963851581974%3A19o09n-6ah5&ie=UTF-8&q=1nvesttsmenttsclybs.info&sa=Search#gsc.tab=0&gsc.q=1nvesttsmenttsclybs.info&gsc.page=1

polonus

Hi Polonus,

http://jsunpack.jeek.org/dec/go?report=7523531a25f483bbd3a5ab26fe6e2b1407344775

http://www.UnmaskParasites.com/security-report/?page=labeeuw.com

http://wepawet.iseclab.org/view.php?hash=9d86adfe1e7d5c2381c130205d61d1e9&t=1319735511&type=js

labeeuw.com/index.swf - http://www.virustotal.com/file-scan/report.html?id=602962ed6c2596fa9439e2025aa7558a74f97e571b8fe8c0e262dde9a73b1149-1319746143

hxxp://1nvesttsmenttsclybs.info/ - Timeout N/A - dead

polonus · « **Reply #2 on:** October 27, 2011, 10:51:56 PM »

Hi Dim@rik,

More about this hack here: http://www.dataprotectioncenter.com/security/mysql-com-hacked-javascript-malware/ (info via sucuri) link source dataprotectioncenter dot com
and apparently the link to the spamsite is now dead, site still vulnerable,
Suspicious Inline Script found...

polonus

Pondus · « **Reply #3 on:** October 28, 2011, 07:48:14 AM »

Norman lab confirms infected

Quote

labeeuw.com.htm : Processed - HTML/IFrame.OP

Author Topic: Is this site infected with JS/iFrame.aav being flagged? (Read 3199 times)

polonus

Is this site infected with JS/iFrame.aav being flagged?

REDACTED

Re: Is this site infected with JS/iFrame.aav being flagged?

polonus

Re: Is this site infected with JS/iFrame.aav being flagged?

Pondus

Re: Is this site infected with JS/iFrame.aav being flagged?