Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on December 12, 2013, 12:54:34 AM

Title: Site hacked with an injector so avast! Web Shield blocks JS:Defacement-M[Tr]
Post by: polonus on December 12, 2013, 12:54:34 AM: The marvelous avast! Web Shield, you cannot be without it, as will again be demonstrated here.

Read: http://wordpress.org/support/topic/hacked-with-an-injector-cant-get-rid-of-redirect
See it in action here: http://evuln.com/tools/malware-scanner/bigdoginlineinc.info/
Detected here: https://www.virustotal.com/nl/url/185c12c571863d925c273ea81cef60d86fb8f2705a620cfd0e56830388c40838/analysis/1386805454/

So avast! Web Shield blocks and detect site/|{gzip} as infected with JS:Defacement-M[Trj]
We have protection, folks, we have protection!

pol
Title: Re: Site hacked with an injector so avast! Web Shield blocks JS:Defacement-M[Tr]
Post by: polonus on December 12, 2013, 02:28:59 PM: Another example of malcode injection, still doing the rounds in various forms.
IDS alerted as "http_inspect: MULTIPLE ENCODINGS WITHIN JAVASCRIPT OBFUSCATED DATA"
Read about this here: http://www.binarytides.com/malware-injection-in-wordpress-websites/ -> http://www.snort.org/search/sid/120-11

Also see: http://forum.avast.com/index.php?topic=139300.0

pol

SMF 2.0.18 | SMF © 2015, Simple Machines