Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on July 18, 2014, 04:11:12 PM

Title: avast! detects JS:Redirector-BUR[Trj] on site-scan.
Post by: polonus on July 18, 2014, 04:11:12 PM: See: https://www.virustotal.com/nl/url/6488f7a0f8e192eb1a5bd50a27a8c2406b89ee8d1efdb470fbcb7e472abd197d/analysis/1405692142/
See: http://app.webinspector.com/public/reports/show_website?result=3&site=http%3A%2F%2Fpictureshut.com
Object: htxp://pictureshut.com/
SHA1: faac2cd635425907b99547deaf17a001f7e8c568
Name: Suspicious-WI. iFrames encoded & encrypted
What is checked? JavaScript check:
Suspicious

avascript"> <!-- eval(unescape('%66%75%6e%63%74%69%6f%6e%20%62%39%31%65%62%64%31%30%28%73%29%20%7

Malware check:
Infected

pe="text/javascript"> <!-- eval(unescape('%66%75%6e%63%74%69%6f%6e%20%62%39%31%65%62%64%31%30%28%73%29%20%

code is loading a random subdomain-sld combo with a cookie set, to load insecure content.
Remote PHP code execution vulnerability attack!

polonus
Title: Re: avast! detects JS:Redirector-BUR[Trj] on site-scan.
Post by: Pondus on July 18, 2014, 04:15:23 PM: INFECTED

sucuri http://sitecheck.sucuri.net/results/pictureshut.com/

html
https://www.virustotal.com/en/file/16085a9b9b06ade9d2e257fa1154a3c8e1df1442e618fae83ce834e5995cb8c4/analysis/1405692867/

missed here http://killmalware.com/pictureshut.com/

SMF 2.0.18 | SMF © 2015, Simple Machines