Avast WEBforum
Other => Viruses and worms => Topic started by: iroc9555 on March 28, 2012, 10:42:22 PM
-
I posted this in " Samples missed by Avast! ". Obviously no the right place. Appologize for the double post.
Can someone take a look at this.
MBAM detects IP suspicious and blocks it. Avast! does not do anything
-http://www.futbolarg.com/
Nada in VT, Sucuri, or URL link scanner:
https://www.virustotal.com/url/8ff75c9a6122285bc6bad8ae0e6105cf3be2d3d0165b8601b7c6e1d1b022af69/analysis/1332965165/
http://sitecheck.sucuri.net/results/http://www.futbolarg.com/
http://vscan.urlvoid.com/analysis/293964cfa43ef77ef1a0978efc2599f9/aW5kZXg=/
but Zulu and urlQuery finds something suspisious or IP reported by sources:
http://zulu.zscaler.com/submission/show/e2d7fa760e91f072232bdcc9faa10809-1332963901
http://urlquery.net/report.php?id=36018
What is the deal ?
-
There is some adware via this link there: ads.cpxinteractive dot com/ttj?id=769595&size=300x250
Given clean here: http://siteinspector.comodo.com/public/reports/866700
BrighTCloud rep green 96 trustworthy
Attack code described here: http://xss.cx/examples/html/ib.adnxs.com.xss-sql-injection.html (see code on urlquery) link source
CloudScan Vulnerability Crawler
polonus
-
What is the deal ?
Looks like a MBAM FP.
-
Hi Asyn,
As MBAM also detects minor misdemeanors as adware tracking, that would qualify here. If not explicitly detected at least as we see from the analysis the vulnerability can be abused. Not actually interesting or threatening to the visitors of mentioned site, but the website owner better be aware of these issues,
polonus
-
Thanks guys.
I'l report back the findings to the interested party at the Spanish Forum. May also post at MBAM, but I doubt they would change the alert.
-
Hola iroc9555,
It is becoming a small world indeed. Site is multi-lingual (English, Italian, German, Spanish & Argentinian) and is hosted in Sweden,
polonus