Avast WEBforum
Other => General Topics => Topic started by: Coolmario88 on November 27, 2012, 07:18:25 PM
-
The other day I got a e-mail from my dad which had a link in it that redirects to a fake news website.. (His e-mail was hacked).. I'm wondering how do I report the url to avast?
Edit: I suspect the url as a scam site.
-
Have you checked the URL on the normal site checking tools we use, http://sitecheck.sucuri.net/scanner/ - http://urlvoid.com/ etc. etc. ?
Currently the on-line contact form, http://www.avast.com/contact-form.php?loadStyles (http://www.avast.com/contact-form.php?loadStyles) doesn't cater for reporting Undetected malicious/phishing sites only reporting FPs on sites.
Since avast doesn't specifically have phishing sites on the VPS only malicious/infected sites, there isn't a specific way to report them for inclusion in the VPS for Network Shield.
Also see http://forum.avast.com/index.php?topic=82635.0 (http://forum.avast.com/index.php?topic=82635.0), extract below.
Reporting a phishing/malicious/hacked site not detected by the Network/Web Shield/s:
Essentially it is sending an email to virus (at) avast (dot) com (no attachment as there is no physical file) outlining the issue and giving the URL in the body of the email.
The email Subject is probably more crucial as I would say it still has to be called 'Undetected Malware' for it to be filtered within the receipt system for action. I would go further and include 'Network Shield' in the subject to further define the problem and possibly attract attention. So the subject would be something like "Undetected Malware - Network Shield - Phishing/Malicious site" (whichever is applicable), without the Quotes.
-
Thanks for the reply DavidR I just used wepawet to scan the site link that redirects. It says it is benign but what still gets me is how can it be benign if the redirect it does changes every other day.. When i got the link the other day it redirected to a fake fox news website now it redirects to another fake news website.. the Wepawet report can be seen here. http://wepawet.iseclab.org/view.php?hash=dcff28722a5a5675fd6cb1db0f407ced&t=1354041687&type=js
-
unmaskparasites report suspicious on the domain....and also the full url
http://www.UnmaskParasites.com/security-report/?page=mikeyanderssonphotography.com
-
The problem is that some sites in themselves might be considered benign, but have a redirect function on the site that either takes them to or run code from another malicious site. Avast is normally hot on such redirects as it does look a little deeper than just the parent site of there is a redirect or script from a 3rd party site, it would normally check if that site was on its malicious sites list (and alert if found).
It looks benign to me also. Following those links and allowing the redirects I don't come across any avast or firefox alerts.
Not knowing the context of the email and the reason for the link, I can't really say what the intent was.
Edit: added
http://sitecheck.sucuri.net/results/mikeyanderssonphotography.com/wp-content/themes/twentyeleven/mynews.php (http://sitecheck.sucuri.net/results/mikeyanderssonphotography.com/wp-content/themes/twentyeleven/mynews.php)
Nothing found on this, but then again I can't enter the ?couple291.bmp parameter after the site URL (strange that it is passing a bmp file as a parameter.
-
Thanks for the reply DavidR I just used wepawet to scan the site link that redirects. It says it is benign but what still gets me is how can it be benign if the redirect it does changes every other day.. When i got the link the other day it redirected to a fake fox news website now it redirects to another fake news website.. the Wepawet report can be seen here. http://wepawet.iseclab.org/view.php?hash=dcff28722a5a5675fd6cb1db0f407ced&t=1354041687&type=js
You state that you had first-hand experience with two different fake news websites called by this site. If that is the case, and these news sites are indeed fake, and they were indeed called by the site itself and not a 3rd party, you can assume the site a scam.
unmaskparasites report suspicious on the domain....and also the full url
http://www.UnmaskParasites.com/security-report/?page=mikeyanderssonphotography.com
The scanner reports suspicious, but the 'suspicious' code is not malicious. They are using jQuery and naturally the code needs to be ran after the DOM is fetched. However, it seems that the developer didn't know about the $(document).ready(function() { /* native code */ }); declaration, which achieves the same effect without having to put it below the body. The jQuery code is utilized for the portfolio performance. Not malicious in any way.
-
Thanks Pondus, for that link. Using your Unmask Parasites site, I get this.
This confirms scanned site is malicious:
EDIT: Strikethrough placed thru erroneous statement; see !Donovan's post below this one.
http://sitecheck.sucuri.net/scanner/?scan=mikeyanderssonphotography.com (http://sitecheck.sucuri.net/scanner/?scan=mikeyanderssonphotography.com)
(Used a scan link in Unmask Parasites to scan automatically at Sucuri:)
Note that the url does not end in .php
-
Hi mchain,
Firstly, Sucuri does not confirm the site as malicious. Notice that it states "Anomaly behavior detected (possible malware)". More Information: http://labs.sucuri.net/db/malware/malware-entry-mwanomalysp8
http://edge.quantserve.com/quant.js is a legit part Wordpress. It is used for tracking purposes to develop stats in the admin's dashboard.
You may also want to see this: http://www.techairlines.com/2010/12/30/wordpress-stats-quantcast/
And if you're still not sure: https://www.virustotal.com/file/e3b647130c0e413e10c89eb18de0744e8044982b893b4954087d714950c57855/analysis/1354061883/
~!Donovan
-
Thank you !Donovan for that. Correction understood and well taken. Thank you for the links above; good ones there. :D