Avast WEBforum

Other => Viruses and worms => Topic started by: zzcool on July 05, 2011, 01:19:18 PM

Title: this site is not bad right (moderator response appreciated) (QUICK RESPONSE)
Post by: zzcool on July 05, 2011, 01:19:18 PM
I did a Google search about someone who is a "hacker" and I found this site:

http://www.mywot.com/en/scorecard/corraltutorials.webs.com

(Please note this is the URL to WOT; the site is at the end of the URL, but I don't want to make it clickable.)

Can anyone tell me if it's bad?

I accessed it through Internet Explorer, which is protected by the avast sandbox. I also have avast Internet Security, updated; it expires in August 2012.

So can any expert just check the site for me? I know I shouldn't get scared by small things like this, but I can't help it, I am.

I would like a very quick answer. Doing a fast scan at the moment.

Edit: avast quick scan found nothing. Doing a SUPERAntiSpyware scan.

And please, someone reply.
Title: Re: this site is not bad right (moderator response appreciated) (QUICK RESPONSE)
Post by: zzcool on July 05, 2011, 03:21:20 PM
Can anyone please help me?
Title: Re: this site is not bad right (moderator response appreciated) (QUICK RESPONSE)
Post by: Pondus on July 05, 2011, 11:13:38 PM
Well, the Sucuri scanner says infected with this:
http://sucuri.net/malware/malware-entry-mwdefaced01
From the screenshot it looks like some kind of joke?

See attached screenshot.

Unmask Parasites and VirusTotal say clean, and URLVoid will not give a result.
Title: Re: this site is not bad right (moderator response appreciated) (QUICK RESPONSE)
Post by: polonus on July 05, 2011, 11:37:28 PM
Hi Pondus and zzcool,

The site has been hacked; see the Google search results, at the top giving: H.A.C.K.E.D - XxxV1r0j4NxxX: -http://corraltutorials.webs.com/
I would also do an MBAM scan after an eventual visit to that site,
because of the script threat found there; see attached gif.

polonus
Title: Re: this site is not bad right (moderator response appreciated) (QUICK RESPONSE)
Post by: polonus on July 06, 2011, 12:04:21 AM
Hi Pondus,

Sucuri should have found it in real time, really, see here at the bottom, where it is mentioned:
http://tools.sucuri.net/?page=tools&title=blacklist&seeall=1&detail=d36eb5a495a9bee79a075e08fc0e3cd1

After it was hacked and defaced, the code was found by a real-time JS_script de-obfuscation scanner. I won't give that link here, because it should not be abused. So I gave a representation as the gif image I have attached to the above posting.

For the exploit mentioned there, see: http://blog.trendmicro.com/new-ie-zero-day-exploit-cve-2010-0806/ (the author of the above link is Trend Micro's Valerie Boquiron, Technical Communications).

Unmask Parasites also gives this external reference link, as a gif image, as suspicious:
http://www.google.com/safebrowsing/diagnostic?site=images.webs.com
The last time suspicious content was found there was on 2011-06-17; this resulted in the infection of one site, e.g. no1 dot vn/

pol
Title: Re: this site is not bad right (moderator response appreciated) (QUICK RESPONSE)
Post by: Pondus on July 06, 2011, 08:56:03 AM
Norman lab confirms infected:

Quote
corraltutorials.webs.com.htm : Processed - HTML/Agent.NA