Avast WEBforum
Other => Viruses and worms => Topic started by: Henrique - RJ on July 03, 2011, 07:30:04 PM
-
The attack is affecting millions of Brazilians in Orkut.
The cracker, in the phishing site, asks the person to run the code in the browser:
No antivirus is detecting it.
-
Don't post potential malware code in the forum, as this can/will trigger AV warnings, if/when detected by any AV, for those entering the forum,
so please remove the code. If you want to post it, take a picture of it and post the pic.
-
VirusTotal 0/42
http://www.virustotal.com/file-scan/report.html?id=f6789f5ca78162bf54030af39980ba920e2c19ba80cbc662b59af87590811787-1309717773
-
Exactly, no antivirus detects it for the time being ...
-
Hi Henrique - RJ,
There is a write-up on this threat which can be read here: http://www.knowthetech.com/2010/11/orkut-infected-with-malware-again.html
More to be found on the google help page here: http://www.google.com/support/forum/p/orkut/thread?tid=3c422fbd51d16b83&hl=en
MBAM, SAS and HitmanPro scans are advised in the link given. The use of HitmanPro should only be performed under professional guidance, because if not properly handled it could ruin your operating system,
polonus
-
But my intention in opening this topic is for a signature to be created for the database so that Avast detects this.
-
NORMAN analysis
Hi,
"Script.txt" contains a URL (hxxp://chiipssgoogle.hd1.in/cod2.txt) to download another obfuscated script to work on the Orkut profile. Further, it redirects to a fake URL.
Readable format of this script is at: hxxp://pastebin.com/EtjRJ3CB
"script.txt" would be detected as "JS/Redirector.CO"
Thanks
-
The Avast team seems not to be interested.
-
Hi Henrique - RJ,
Did you send your observations and the malcode link to virus AT avast dot com via mail?
If so, they will not send you a personal notification, but it is my experience that they take all that is being sent there very, very seriously. Especially where Brazilian banking trojans are concerned they should be extra watchful, seen to the overall avast detection rate that is open to some real improvement, so stay optimistic, Henrique - RJ. Avast has never let us down, so wait for detection...
polonus
-
Yes, I sent it many days ago ...
-
and Avast still does not detect the script ...
The Avast team has no interest!
-
can you post the link to the scan result ?
-
Of VirusTotal ?
-
yes if that is where you scanned it
-
http://www.virustotal.com/file-scan/report.html?id=7c2f842efcd6903cc71985c239136ac7bab5506b6ab0b8bb26ee7d60495c8ad2-1310247801
And there should be many malicious Orkut scripts that Avast does not detect, and the Avast team has no interest ...
Avira and Norman are already detecting it!
-
Too late ...
The Brazilian crackers are no longer attacking on Orkut.
Avast is still not detecting ...
:'(
-
And Avast is still not detecting ...
:'( :'( :'(
-
Hello virus analysts!!!
The script is still not detected by Avast.
Please!
-
Do you have a copy of the file to give to Avast ?
-
Yes
Attached
-
Could you now remove it please from your post
Also it is just a text file - how is it delivered ?
-
Yes
Attached
Your request has been analyzed. The file you sent does not pose a threat.
Thank you for your cooperation.
To receive notifications in English, send a blank email to lang@rt-web.dev.drweb.com
--
Best regards,
Virus Monitoring Service, Doctor Web Ltd.
-------------------Request--------------------------------------
This is software generated mail message on behalf of virus hunters activity.
Category: SUSPICIOUS FILE
File: cod2.txt
MD5: f54a43ab282cc9dbf68ca7ca53058dc2
Your request has been analyzed. The file you sent is not a threat.
-
Yes, look at the first post of this topic: http://forum.avast.com/index.php?topic=80972.msg662188#msg662188
Look please
http://www.virustotal.com/file-scan/report.html?id=7c2f842efcd6903cc71985c239136ac7bab5506b6ab0b8bb26ee7d60495c8ad2-1317057727
-
http://jsunpack.jeek.org/dec/go?report=71691e5489134cc18fced26195f3b8e722883747
URL
hxxp://www.myspace.com/570785160/blog/543467696/?6388
Status
(referer=www.google.com/trends/hottrends)failure: HTTP Error 404: Not Found
Currently does not pose a threat.
-
Ok Ok
I understand.
But the code in the txt is a JScript redirect!
"HTTP Error 404: Not Found" because it was removed (three months ago).
-
Ok Ok
I understand.
But the code in txt is a redirect !
"HTTP Error 404: Not Found" because it was removed (three months ago).
Well, this is a question for the Avast analysts... but they rarely comment on that here, but note that few are added to the database. I think there is no reason to worry ) How is Brazil? Hot?
-
see reply #4 and #6
-
Ok
Ooh, not much heat here today in Rio de Janeiro city: 22ºC
The child's photo is very beautiful!
-
http://www.earthcam.com/brazil/riodejaneiro/
Красиво - beautifully :)
-
:)