Avast WEBforum
Other => General Topics => Topic started by: vincejami on September 07, 2011, 09:41:57 AM
-
Could you please remove this URL from your database, please!!!!
hxxp://www.filmfestamiens.org
-
Sucuri says: Infected
http://sucuri.net/malware/malware-entry-mwanomalysp7
-
VirusTotal - HTML scan
http://www.virustotal.com/file-scan/report.html?id=8906156ad52abe208a056e1f34c9eaa7f34ba02a8497d8f8114c6a261ce080f2-1315389272
VirusTotal - URL scan
http://www.virustotal.com/url-scan/report.html?id=1b7437237b59b082ba9829aadd58eff9-1315382066
Wepawet
http://wepawet.iseclab.org/view.php?hash=1b7437237b59b082ba9829aadd58eff9&t=1315389891&type=js
-
Hi vincejami,
Break that link something like: -http://www.filmfestamiens.org/
or hxtp or wXw
Before avast blocks this I get alerts for:
- Oracle Java Web Start Plugin Command Line Argument Injection, CVE-2010-0886
- Oracle Java Applet2ClassLoader Remote Code Execution Exploit, CVE-2010-4452
- Java Plugin LaunchJNLP DocBase, CVE-2010-3552
See: http://www.google.com/safebrowsing/diagnostic?site=filmfestamiens.org
-rebotstat.com infected this site and 56 others,
polonus
-
Well, it seems to be the Yahoo referencing file that was infected... good joke from Google. I do not think there is real infection, can you verify, because the damage is big enough!
-
according to Sucuri it is still there
found here
filmfestamiens.org
filmfestamiens.org/./?Tarifs&lang=fr
filmfestamiens.org/?-En-direct-du-festival-&lang=fr
filmfestamiens.org/?-Post-production-&lang=fr
filmfestamiens.org/?-Scenario-&lang=fr
filmfestamiens.org/spip.php?breve39&lang=fr
Information for Website Owners http://stopbadware.org/home/webmasters
Tips for Cleaning & Securing Your Website http://www.stopbadware.org/home/security
Protect your interwebs with Sucuri http://sucuri.net/signup
-
Hi Pondus,
You are right. I just had a look at the source via a security proxy. See malscript below that is being flagged,
polonus
-
So that's it ... like this, thank you for the ways you helped me, such an aberration. We can see some organizations that would try a lot of things to keep being in the front place... or perhaps I'm wrong... never mind. Thanks
-
Small question if you don't mind me asking how good is Sucuri when scanning website, because I've never heard of Sucuri ???
-
;D
-
Small question if you don't mind me asking how good is Sucuri when scanning website, because I've never heard of Sucuri ???
Check most of Asyn's and Pondus' posts, they use it and it generally catches the scripts in the infected pages. I would say quite effective
-
Small question if you don't mind me asking how good is Sucuri when scanning website, because I've never heard of Sucuri ???
You only have to look at some of the results, e.g. the image above. So it is at the very least showing what it considers the suspect code rather than just saying it is infected.
If you also look at other evidence, such as the Wepawet link given by Pondus, you will see two hidden iframes (I hate anything hidden) and one of those goes to sidinggear.cu.cc. This domain is on the malware domains list, http://www.malwaredomainlist.com/mdl.php, use the search function.
So when you start to get cumulative instances of infection, suspicion, then I would say the evidence is there, the site has most likely been hacked.
Firefox also blocks the sidinggear.cu.cc domain in the hidden iframe, see image.
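
The check described in the post above (hidden iframes, then a lookup of the frame's target on a malware domain list), as an added example that is not part of the original thread. The sample HTML, the `blocked.example` blocklist entry and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed stand-in for a malware domain list lookup (assumption).
BLOCKLIST = {"blocked.example"}
HIDING_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for width/height values of 0 or 1 pixel ("0", "1", "1px")."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if HIDING_STYLE.search(a.get("style", "")):
            reasons.append("style hides frame")
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("0/1 px size")
        if not reasons:
            return  # a normally visible frame is not reported
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        self.findings.append(
            {"host": host, "reasons": reasons, "blocklisted": host in BLOCKLIST})

def find_hidden_iframes(html):
    """Return one finding per hidden iframe in the given page source."""
    parser = HiddenIframeFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page source: one visible frame, two hidden ones.
SAMPLE = """<html><body>
<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://blocked.example/page" width="1" height="1" style="visibility: hidden"></iframe>
<iframe src="http://other.example/x" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE):
        print(finding)
```

A hidden frame alone is only a reason to look closer; the blocklist hit is what adds to the cumulative evidence.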
-
Hi vincejami,
DavidR is right, and this is what is being blocked:
2011-09-07 11:54:59 -http://sidinggear.cu.cc/showthread.php?t=82651514 97CEF9949D39A13816056AB110022887 95dot163dot66dot184 RU Trojan.JS.Redirector.py
It is a site that directly or indirectly facilitates the distribution of malicious software or source code, see: http://www.urlvoid.com/scan/sidinggear.cu.cc
polonus
-
now it's ok, thanks for all
-
No problem, glad that you now have it resolved.