Avast WEBforum

Other => Viruses and worms => Topic started by: !Donovan on August 23, 2012, 01:00:20 AM

Title: Only 3 Detect 20+ Day Old 'jQuerys' Redirecting Algorithm
Post by: !Donovan on August 23, 2012, 01:00:20 AM
See: https://www.virustotal.com/file/028544e8f041cd03c68d4e49d29d9c1d49129eb9f5515e6cdd05ab04f24615ed/analysis/1345676192/

And the original topic: http://forum.avast.com/index.php?topic=102514.0

???
Title: Re: Only 3 Detect 20+ Day Old 'jQuerys' Redirecting Algorithm
Post by: Left123 on August 23, 2012, 01:24:06 AM
Hi Don,
I don't understand what is so special about this, we've seen this a million times here.
It just generates a random domain name based on the pseudocode. It also depends on the date of the "event".
Regards,
Philip  :)
Title: Re: Only 3 Detect 20+ Day Old 'jQuerys' Redirecting Algorithm
Post by: polonus on August 23, 2012, 02:59:22 PM
@!Donovan,

Of course it is good policy to follow up on whether detection has been added or not, and in this case it apparently has not.
Pirated or fraudulent scripts should be found and flagged. No doubt about it, and that Sucuri and you could find this so easily means it does not need rocket science to do so.

@Left123,

With this sort of detection, I guess they have lower priority somehow, see: http://malwarebulletin.com/2012/08/03/eset/update-7352-20120803/

polonus
Title: Re: Only 3 Detect 20+ Day Old 'jQuerys' Redirecting Algorithm
Post by: !Donovan on August 23, 2012, 11:50:18 PM
Hi all,

Regardless, a random redirect (that happens only once), should be considered, at best, suspicious.

~!Donovan
Title: Re: Only 3 Detect 20+ Day Old 'jQuerys' Redirecting Algorithm
Post by: polonus on August 24, 2012, 12:12:17 AM
Hi !Donovan,

I completely agree with you, and all we can do is report to virus AT avast dot com in the usual way.
Also I ask you to read this thread about the unlikelihood of an avast solution detecting specific malware
if it was not detected during the 6 days after first detection was mentioned in VT results from other av-solutions:
http://forum.avast.com/index.php?topic=103847.0
But I see you already posted there, so you are aware of that information.
It is also striking that after a 30-day period there is no longer detection in the case of a previous detection for the same av-solution,
so certain detections are only meant for a particular period.
It all has to do, of course, with what is decided to be included in a next update...

polonus
Title: Re: Only 3 Detect 20+ Day Old 'jQuerys' Redirecting Algorithm
Post by: !Donovan on August 28, 2012, 12:10:08 AM
Another rescan gives the same 3/42..
https://www.virustotal.com/file/028544e8f041cd03c68d4e49d29d9c1d49129eb9f5515e6cdd05ab04f24615ed/analysis/1346105240/

Is there a limit to what antiviruses can do? ???

Using regular expressions to find suspect strings and going into more detail with various 'tests', it doesn't seem possible..
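
An added example, not part of the original thread and not any vendor's detection logic: a sketch of the regex-plus-tests idea from the last post, scoring JavaScript source for the traits the thread describes (a date-dependent generated host name and a redirect that fires only once). The indicator names, the verdict labels and both sample scripts are assumptions constructed for illustration.

```python
import re

# Indicators taken from the thread's description: a date-dependent,
# pseudo-randomly built host name and a redirect that fires only once.
INDICATORS = {
    "date_seed": re.compile(r"new\s+Date\s*\(|\.get(?:UTC)?(?:Date|Month|FullYear|Time)\s*\("),
    "string_build": re.compile(r"String\.fromCharCode\s*\(|\.charCodeAt\s*\("),
    "computed_url": re.compile(r"['\"]https?://['\"]\s*\+"),
    "navigation": re.compile(
        r"location(?:\.href)?\s*=(?!=)|location\.replace\s*\(|"
        r"createElement\s*\(\s*['\"]iframe"
    ),
    "cookie_gate": re.compile(r"document\.cookie"),
}
CORE = {"date_seed", "string_build", "computed_url", "navigation"}


def assess(source):
    """Return (verdict, hits) for one JavaScript source string."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    if not CORE <= hits:
        return "clean", hits
    # All four core traits together: the destination is computed from the date.
    return ("suspicious-once-only" if "cookie_gate" in hits else "suspicious"), hits


# Constructed samples (not the file from the VirusTotal report).
SUSPECT = r'''
var d = new Date(), seed = d.getFullYear() + d.getMonth() + d.getDate();
var host = "";  /* generator loop reduced to a single step */
host += String.fromCharCode(97 + seed % 26);
if (document.cookie.indexOf("seen=") == -1) {
  document.cookie = "seen=1";
  window.location = "http://" + host + ".example/";
}
'''
FOOTER_YEAR = 'document.getElementById("y").innerHTML = new Date().getFullYear();'
FIXED_REDIRECT = 'if (location.protocol != "https:") location.href = "https://www.example.com/";'

if __name__ == "__main__":
    for name, src in [("suspect", SUSPECT), ("footer", FOOTER_YEAR), ("fixed", FIXED_REDIRECT)]:
        verdict, hits = assess(src)
        print(f"{name:8} {verdict:22} {sorted(hits)}")
```

The patterns match plain source text only, so a packed or encoded script has to be unpacked before this check says anything about it.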