Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on July 15, 2013, 11:08:28 PM

Title: 24 IDS malware alerts on one URL - quite a collection!
Post by: polonus on July 15, 2013, 11:08:28 PM

See: http://urlquery.net/report.php?id=3766561
BitDefender TrafficLight flags that domain as malicious.
Sucuri one of the few to flag it: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fchinacruisingclub.org%2F
Malware found: http://labs.sucuri.net/db/malware/malware-entry-mwiframehd202
hidden and malicious iFrame malware detected...

polonus

Title: Re: 24 IDS malware alerts on one URL - quite a collection!
Post by: Pondus on July 15, 2013, 11:22:03 PM

and this on same IP.   http://urlquery.net/report.php?id=3764387

Title: Re: 24 IDS malware alerts on one URL - quite a collection!
Post by: polonus on July 17, 2013, 01:10:45 AM

Hi Pondus,

Good find, and you stumbled on a malware pattern there!
Nice blog article from Dynamoo on what was in that sites redirecting iFrame script: http://blog.dynamoo.com/2013/07/ups-spam-tvblipsnet.html
UPS spam / tvblips.net  brought to you from Hong Kong...
and where it is landing: http://urlquery.net/report.php?id=3762051

polonus

Title: Re: 24 IDS malware alerts on one URL - quite a collection!
Post by: Secondmineboy on July 18, 2013, 09:22:11 PM

Norton blocks the Page as Mass Injection.