Avast WEBforum

Other => Viruses and worms => Topic started by: 12-es_csaj on January 23, 2011, 02:57:45 PM

Title: Nice Online Fake AV
Post by: 12-es_csaj on January 23, 2011, 02:57:45 PM: hXXp://freeavscanonline.com/scan1/83 (I hope it is correct)
I was redirected from Google picture searching.
Title: Re: Nice Online Fake AV
Post by: RejZoR on January 23, 2011, 03:05:34 PM: Target malware served to the user by this fake site is already detected as Win32:Malware-gen :)
Title: Re: Nice Online Fake AV
Post by: 12-es_csaj on January 23, 2011, 03:07:19 PM: Quote from: RejZoR on January 23, 2011, 03:05:34 PM
Target malware served to the user by this fake site is already detected as Win32:Malware-gen :)

Sorry.
My avast! didn't block the site. (- Web Shield on, PUP on, Heuristics - High and so on.)
That's why I crated this thread.
Title: Re: Nice Online Fake AV
Post by: Hermite15 on January 23, 2011, 03:18:35 PM: playing with fire, here's what I got in IE9 sandboxed, first theweb site message, and then when closing the dialog box (... yeah in such cases mostly ok and cancel are the same ), I got the IE smartscreen alert.

In Chrome I got nothing as JS was blocked in the first place.
Title: Re: Nice Online Fake AV
Post by: spg SCOTT on January 23, 2011, 04:00:17 PM: Quote from: 12-es_csaj on January 23, 2011, 03:07:19 PM
Sorry.
My avast! didn't block the site. (- Web Shield on, PUP on, Heuristics - High and so on.)
That's why I crated this thread.

At the end of all of the "scanning", it offers a scanner to download and fix everything - thats the download that RejZoR was referring to.

The site could be added to the network shield block list though, have you submitted it yet?
Title: Re: Nice Online Fake AV
Post by: Pondus on January 23, 2011, 04:07:08 PM: Quote
The site could be added to the network shield block list though, have you submitted it yet?
These scan URLs are usually dead after a day or two, then they move to a new place..
Title: Re: Nice Online Fake AV
Post by: 12-es_csaj on January 23, 2011, 04:12:11 PM: Quote from: spg SCOTT on January 23, 2011, 04:00:17 PM
Quote from: 12-es_csaj on January 23, 2011, 03:07:19 PM
Sorry.
My avast! didn't block the site. (- Web Shield on, PUP on, Heuristics - High and so on.)
That's why I crated this thread.

At the end of all of the "scanning", it offers a scanner to download and fix everything - thats the download that RejZoR was referring to.

The site could be added to the network shield block list though, have you submitted it yet?

avast! Web Shield doesn't detect the exe file before it tries to enter the PC after the scan.
Why Web Shield doesn't block the site itself.
Why?
Title: Re: Nice Online Fake AV
Post by: Pondus on January 23, 2011, 04:26:36 PM: Quote
Why Web Shield doesn't block the site itself.
see my post above...
Title: Re: Nice Online Fake AV
Post by: Hermite15 on January 23, 2011, 04:28:48 PM: the web shield doesn't block sites, but drive by downloads of malware while browsing (so links to such data when connection is attempted and malware content is detected). The web shield analyses data, not URLs. Network shield does block sites, and this address could or should have been added to the blacklist, but as Pondus said, these URL don't exist very long.
Title: Re: Nice Online Fake AV
Post by: RejZoR on January 23, 2011, 11:12:20 PM: The fake antivirus itself is harmless. It's just a webpage. The stuff that gets downloaded later is what's really malicious. It will probably get blacklisted prettty soon in Network Shield.