Author Topic: disbords.com blocked (Read 3501 times)

netimka · « **on:** June 16, 2012, 10:51:01 AM »

hi, first time posting here, so hope its a correct place... i use this disney forum on daily basics but yesterday it has been blocked by avast... i got this notification: Malware blocked, is there any way i can get this unblocked? i can you this website from blackberry, works laptop without any problems...
please can you help
many thanks in advace
big Disney fan ;-)

mikaelrask · « **Reply #1 on:** June 16, 2012, 11:49:34 AM »

hey according to virustotal it should be clean

https://www.virustotal.com/url/f659161f9b049bdf61e4dafe0929c03e2380aeee9aefcd6929714a11d69c9d05/analysis/1339839958/

you could report a possibly false threat to avast throw here: http://www.avast.com/contact-form.php?loadStyles.

it could also have been already reported throw another thread about the same site earlier on the forum.

http://forum.avast.com/index.php?topic=99720.0

true indian · « **Reply #2 on:** June 16, 2012, 12:31:04 PM »

detection is correct..
https://www.virustotal.com/file/fd0f6e66cc6458406ecd467870a4aaee69888024a2c53a8ed27a188492fb384d/analysis/1339844821/
there is a suspicious type of redirection or miscripted thingy in HTML format to some sort of parked site...see screenshot..also its hosting the ga.js thingy from google...if u use the search function in the forum...u can find some ga.js baddies..if site is accessed...it tries to load some content from third party google stuff and also from hxtp://www.safesurf-check.com/gate.php

which is correctly blocked by network shield....We are being protected!

also there is typo sqatting domain with same URL and it is disboard.com...so be careful before u type URL address in

wxw.disboards.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384 benign
[nothing detected] (script) wxw.disboards.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384
status: (referer=wxw.disboards.com/)saved 36628 bytes 5549ff428576843dcbb70b9986e77dfbec09853a
info: [decodingLevel=0] found JavaScript
error: undefined function O.addEventListener
error: undefined variable O
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista, 271 bytes
info: Decoding option browser=Opera and browser=Firefox, 0 bytes
file: 5549ff428576843dcbb70b9986e77dfbec09853a: 36628 bytes
file: 07bd65a8feb00a90b39a7fcbb4cd33975af352d9: 37177 bytes
file: af2f5b73dcc4d5b0277f91e2c21dfde034e5cbd1: 271 bytes

ON safe-surf.com site here is a suspicious thingy found:
var _0x3bb1=["\x68\x61\x73\x68","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x68\x72\x65\x66","\x23","\x72\x65\x70\x6C\x61\x63\x65","\x69\x6E\x69\x74"];SecBanner={init:function (){if(window[_0x3bb1[1]][_0x3bb1[0]]){} else {location[_0x3bb1[4]](document[_0x3bb1[1]][_0x3bb1[2]]+_0x3bb1[3]);} ;} };SecBanner[_0x3bb1[5]]()

If u were able to access the site even after avast blocking it...then u will need to clear your temp files as it may have dropped the malicious rediector in your temp

!Donovan · « **Reply #3 on:** June 16, 2012, 03:28:57 PM »

This Disney board sure has lots of partners. Even to some p0rn sites.¹

I find the modification of an existing iframe with javascript suspicious. See attachment 2.

!Donovan · « **Reply #4 on:** June 16, 2012, 03:48:37 PM »

Milos confirmed malicious. See: http://forum.avast.com/index.php?topic=99738.msg795794#msg795794

netimka · « **Reply #5 on:** June 16, 2012, 05:00:36 PM »

thanks for all replays and links... so there is nothing we can do, and its only the website that need to get this sorted?

!Donovan · « **Reply #6 on:** June 16, 2012, 05:08:19 PM »

My advice is to contact the webmaster and give a link to this page.

true indian · « **Reply #7 on:** June 16, 2012, 06:50:58 PM »

Quote from: netimka on June 16, 2012, 05:00:36 PM

thanks for all replays and links... so there is nothing we can do, and its only the website that need to get this sorted?

Ask the webmaster to remove the part of HTML in main page that is showed in my 3.png screenshot and remove the associations to 3rd party sites and update their wordpress or any other software that is used on their site

netimka · « **Reply #8 on:** June 16, 2012, 11:17:11 PM »

thanks for all your replays, its working fine again

true indian · « **Reply #9 on:** June 17, 2012, 09:04:54 AM »

The admin blamed avast saying its avast issue...i have registered there and posted the evidence see:
http://www.disboards.com/showthread.php?p=45204693#post45204693

Author Topic: disbords.com blocked (Read 3501 times)

netimka

disbords.com blocked

mikaelrask

Re: disbords.com blocked

true indian

Re: disbords.com blocked

!Donovan

Re: disbords.com blocked

!Donovan

Re: disbords.com blocked

netimka

Re: disbords.com blocked

!Donovan

Re: disbords.com blocked

true indian

Re: disbords.com blocked

netimka

Re: disbords.com blocked

true indian

Re: disbords.com blocked