Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on May 16, 2012, 12:00:06 AM

Title: IDS flags Blackhole on site, others give clean....avast webshield protects
Post by: polonus on May 16, 2012, 12:00:06 AM
Hi forum friends,

See: http://zulu.zscaler.com/submission/show/a85c1235f6198e18d8c64d3665d103bd-1337118425 a green 15/100 benign (reported there)
http://urlquery.net/report.php?id=55898 flags ET CURRENT_EVENTS Blackhole Landing for prototype catch substr
Discussion of the mentioned Emerging Threats sigs for ET CURRENT_EVENTS Possible Request for Blackhole Landing Page (class type:trojan-activity)
-> : http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/16217 (rules given by Kevin Ross)
IDS rules can only be used as an additional form of protection and need a fully scaled JS interpreter installed as well next to them.
Malware is flagged as unknown_html_google_malware, but Google Safe Browsing now gives it as safe.

But the avast webshield flags this as JS:Blacole-K[Trj]
Again, my good forum friends, we are being protected here by the avast webshield!

polonus
Title: Re: IDS flags Blackhole on site, others give clean....avast webshield protects
Post by: Lisandro on May 16, 2012, 12:55:01 AM
Thanks for the heads up Polonus :)