Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on January 11, 2016, 06:03:34 PM

Title: Blacklisted defaced website with Avast detecting VBS:Agent-KZ [Trj]
Post by: polonus on January 11, 2016, 06:03:34 PM
See: http://zulu.zscaler.com/submission/show/27aabeab7843fdf32349332c104de525-1452531041
100/100 malicious
Not flagged: https://urlquery.net/report.php?id=1452530059796
Blacklisted by Yandex and Google Safebrowsing: Current status:

Dangerous -bajaboats.ru is not safe to visit right now.

Site Safety Details: Some pages on this website send visitors to dangerous websites.
Suspicion of Defacement

51 <html> <script> alert(" hacked by mujahidin cyber army ") </script> </script> <head> <title>hacked by mujahidin cy...
Wshell script dropper hack.

pol

Title: Re: Blacklisted defaced website with Avast detecting VBS:Agent-KZ [Trj]
Post by: jefferson sant on January 12, 2016, 02:29:27 AM
Avast blocked both the defacement and the VBS as a single detection:
HTML:Dropper-R [Trj]

YBZ600HJ.htm
Detection: 45/55 

https://www.virustotal.com/en/file/2d21bb784702fb1204d84a120f80d2184b6f687a89fae3d43774e03c83ab4034/analysis/1452562065/

Title: Re: Blacklisted defaced website with Avast detecting VBS:Agent-KZ [Trj]
Post by: polonus on February 13, 2016, 10:38:57 PM
Update
Website is still very much hacked and defaced and this is detected, blacklisted and blocked: http://toolbar.netcraft.com/site_report?url=http://bajaboats.ru

polonus

Title: Re: Blacklisted defaced website with Avast detecting VBS:Agent-KZ [Trj]
Post by: polonus on October 22, 2016, 06:03:53 PM
Update: Nothing changed, still with malware: http://killmalware.com/bajaboats.ru/#
Re: https://www.virustotal.com/nl/url/7e4af60a123aed4e91b5b6aa26f565d15ac1624712f1853d67eea55ed174c537/analysis/
See: -http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fbajaboats.ru%2F&useragent=Fetch+useragent&accept_encoding=
Do not go there as the mal VBScript is there.

polonus