Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 23, 2014, 05:30:17 PM

Title: Malware.QVM23.Gen not detected? error page given now?
Post by: polonus on November 23, 2014, 05:30:17 PM: See: https://www.virustotal.com/nl/url/3cfc800ddf5a58ee652d651b716f3be8c114ac0b7607583f78ad0d942c9267f1/analysis/1416759120/
and https://www.virustotal.com/nl/file/482c8740c045ceb5dfaaf6aa30058c32ee02eacfe19df6b0e3c11fb7801e82f9/analysis/1416759291/
Quttera gives as blacklisted: List of blacklisted external links: 28
On extended validation: apk.hiapk dot com//search?key%3D%e7%99%be%e5%ba%a6%e9%9f%b3%e4%b9%90%e6%92%ad%e6%94%be%e5%99%a8

Sucuri misses detection: http://sitecheck.sucuri.net/results/apk.hiapk.com

Dom XSS vuln: Results from scanning URL: htxp://apk.hiapk.com/js/lib/RequireConfig.js (for: this.modal.innerHTML='<iframe)
Number of sources found: 35
Number of sinks found: 5

XSS bypass exploit: http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-5531/Apache-Coyote-Http-Connector.html

Landed here: http://apk.hiapk.com/errorpage/500.html

Detection is an Adware Agent detection, but also could be a FP.

pol

SMF 2.0.18 | SMF © 2015, Simple Machines