Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 05, 2011, 03:31:14 PM

Title: Site blacklisted but has it malcode on it?
Post by: polonus on November 05, 2011, 03:31:14 PM
See: http://urlquery.net/report.php?id=7445
Found this: -xtraliteroofsystems.co.uk/templates/vanilla/warp/js/dropdownmenu.js suspicious
[suspicious:2] (ipaddr:-178.18.113.205) on -ds183125-1.lcndedicated.com
 (script) - xtraliteroofsystems.co.uk/templates/vanilla/warp/js/dropdownmenu.js
http://www.google.com/safebrowsing/diagnostic?site=xtraliteroofsystems.co.uk
5 scripting exploits, 1 exploit.
same here: -lamborghiniclub.co.uk/media/system/js/caption.js suspicious
all due to maxruntime exceeded 10 seconds (incomplete) 0 bytes
The blacklisting could have been because of this one-time malicious redirect:
-http://shdgul.xtraliteroofsystems.co.uk/pr/scrp.php via a hidden iFrame hack

pol
Title: Re: Site blacklisted but has it malcode on it?
Post by: DavidR on November 05, 2011, 05:44:18 PM
Blacklisted by who?

Many blacklists are of historic data and are slow to remove from a blacklist.
Title: Re: Site blacklisted but has it malcode on it?
Post by: polonus on November 05, 2011, 10:12:08 PM
Hi DavidR,

I checked this because I found it mentioned on a recent VirusWatch migration listing. That was from yesterday.

The malware landscape is an ever-changing one. After reading the book Innocent Code recently, I became further convinced that the web has an innumerable number of vulnerable sites on it (meaning there is no scientific method to tackle this problem profoundly). So there is an enormous amount of scanning going on, together with the know-how that brings, to make users more aware of the threats out there and help them towards better protection. But we still have a long, long way to go. I think it makes sense, else I would not be doing this here.

Then I have to say there is not an online scanner out there, and there is a large range of them, that will give the ultimate final results. You have to combine the results of various scanners and sometimes have to go and have a look at the code itself residing there to give a reliable verdict of the actual situation and what might be out there.

Blacklists and web rep lists are hopeless resources i.m.h.o. Just look here.
Well, I compared these two lists and they come up with different results:
http://www.checksitesafe.com/site/xtraliteroofsystems.co.uk
This gives you 40 points more: http://www.webutation.net/go/review/xtraliteroofsystems.co.uk

I know that site has Joomla on it and therefore it is prone to Joomla vulnerabilities,

polonus
Title: Re: Site blacklisted but has it malcode on it?
Post by: Left123 on November 05, 2011, 10:38:11 PM
Hi DavidR,

You have to combine the results of various scanners and sometimes have to go and have a look at the code itself residing there to give a reliable verdict of the actual situation and what might be out there.

polonus

So true. We need an online (literally) service which is able AT LEAST to check for code changes etc.
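
Added example, not part of the thread and not any poster's code: one way a site owner could do the "check for code changes" step mentioned above is to compare each script file against a known-good SHA-256 baseline and, for files that differ, flag invisible iframes pointing at hosts the site does not normally use. The function names, file paths, hostnames and sample contents are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# Matches <iframe ...> tags, including ones embedded in document.write strings.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*\\?["']?([^"'\s>\\]+)""", re.IGNORECASE)
# Attributes commonly used to make an injected frame invisible.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*\\?["']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden""", re.IGNORECASE)

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def hidden_iframes(text, allowed_hosts):
    """Return src URLs of invisible iframes whose host is not in allowed_hosts."""
    hits = []
    for tag in IFRAME_RE.findall(text):
        src = SRC_RE.search(tag)
        if not src or not HIDDEN_RE.search(tag):
            continue
        host = urlparse(src.group(1)).hostname or ""
        if host not in allowed_hosts:
            hits.append(src.group(1))
    return hits

def audit(baseline, current, allowed_hosts):
    """Compare current script contents with baseline hashes; return {path: finding}."""
    findings = {}
    for path, text in current.items():
        if path not in baseline:
            status = "new"
        elif baseline[path] != sha256(text):
            status = "changed"
        else:
            continue
        findings[path] = {"status": status, "hidden_iframes": hidden_iframes(text, allowed_hosts)}
    for path in baseline.keys() - current.keys():
        findings[path] = {"status": "missing", "hidden_iframes": []}
    return findings

# Constructed sample data (not taken from the sites discussed in the thread).
CLEAN = "function dropdown(el) { el.className += ' open'; }\n"
INJECTED = CLEAN + """document.write('<iframe src="http://abcdef.example.invalid/x.php" width="1" height="1"></iframe>');\n"""
BASELINE = {"js/dropdownmenu.js": sha256(CLEAN), "js/caption.js": sha256(CLEAN)}
CURRENT = {"js/dropdownmenu.js": INJECTED, "js/caption.js": CLEAN}

if __name__ == "__main__":
    print(audit(BASELINE, CURRENT, {"www.example.invalid"}))
```

A hash mismatch alone only says the file changed; the iframe heuristic is a hint for where to start reading the code, which still has to be reviewed by hand.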