Avast WEBforum
Other => Viruses and worms => Topic started by: Klauwkikker on July 27, 2011, 07:15:20 PM
-
Is this a false positive?
It is a well-known Dutch opinion site.
Infection Details
URL: http://xxx.joop.nl/fileadmin/template/inc/js/redirMobile-min.js|%3E{gzip}
Process: file://C:\Program Files\Mozilla Firefox\firefox.exe
Infection: html:Iframe-inf
xxx stands for www
-
Sucuri say infected....
see attached screenshot
malware type
http://sucuri.net/malware/malware-entry-mwiframehd421
-
Filename: redirMobile-min.js
Status: Scan finished. 2 out of 20 scanners reported malware.
http://virusscan.jotti.org/en/scanresult/c9e8b1cc2b524e7f963dfac40bdc6321b57ba3ec
VirusTotal - redirMobile-min.js - 4/43
http://www.virustotal.com/file-scan/report.html?id=bac3240d18bfa6194aa65701e799946bdad1a975fa069013652f584eb5d44965-1311787300
-
Hi Klauwkikker & Pondus,
Scanned the IPframe redirect here: http://wepawet.iseclab.org/view.php?hash=52ee1c0c20d38b7edb071123b878a5aa&t=1311793379&type=js (malicious)
Exploit being abused is HPC URL Help Center URL Validation Vulnerability - CVE-2010-1885;
see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885
Also see the attached source code for the URL you provided,
polonus
-
Is this a false positive?
It is a well-known Dutch opinion site.
Norman analysis confirms the detection is correct
redirMobile-min.js : Processed - HTML/Iframe.KY