Avast WEBforum
Other => Viruses and worms => Topic started by: gbe90 on May 28, 2012, 04:51:36 PM
-
malware site??
hxxp://socialcam.com/v/gorCwlFH
virustotal https://www.virustotal.com/url/538a11904bf864a1bb4dfdbd1b65f0634cf9177a08b930c20fe4cbe0bb5f79ec/analysis/1338216328/
anubis http://anubis.iseclab.org/?action=result&task_id=1efb93996337ef0e48de0254d6b5bf7ff&format=html
http://zulu.zscaler.com/submission/show/c3283837564cd709c8a5359021c7ff6f-1338216430
eset detected cache poised, thanks,
-
Malicious Obfuscated content found for that URL
Obfuscation could be de-obfuscated as: "document.write('<a href=\"mailto:webcontactATsocialcam dot com\">Email Us<\/a>');"
polonus
-
So any kind of obfuscated content will alert Zulu's Scanner?
Quote: "Malicious Obfuscated content found"
Also, if the webmaster wanted to prevent his email from being harvested, he could've used &#64; which decodes to @
Resource: http://www.asciitable.com/index/asciifull.gif
-
Hi !Donovan,
For me it is just also a foolproof anti-spam measure, but it can also be used reversely,
eset detected cache poised for that site...
Conditional compilation used here to sniff: /*@cc_on!@*/ false
The alternative would naturally be: var isMSIE = /*@cc_on!@*/!1;
polonus
-
VirusTotal
https://www.virustotal.com/file/0399184a71e1a03b130cf79012d13e7db8d9d38f21b5fa3619ac5ad469ece8a5/analysis/1338222246/
This page seems to be <suspicious> 1 suspicious inline script found.
http://www.UnmaskParasites.com/security-report/?page=socialcam.com/v/gorCwlFH
wepawet
http://wepawet.iseclab.org/view.php?hash=805de6ee72be18c415e481e66b7d81b1&t=1338222377&type=js
-
Hi Pondus & !Donovan,
That means that the Zscaler flag is because of the inline script flagged by Google Safebrowsing, but I think that was just obfuscation taken as a potential XSS problem, see: htxp://apidock.com/rails/ActionView/Helpers/UrlHelper/mail_to#355-Javascript-encoding-DOES-work- (poster Bounga on Flowdock blog gives the same encoded script). So I would say, verdict: false positive,
polonus
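-
Added example, not part of any post in this thread: a static check that peels one layer of a percent-encoded inline script without executing it and tells a plain `document.write` of a mailto link apart from output that deserves a closer look. The raw script is not shown in the thread, so the `eval(decodeURIComponent('%xx...'))` wrapper, the placeholder address and the names `encode`, `decodeLayer` and `triage` are assumptions.

```javascript
// Added example: static triage of a percent-encoded inline script.
// Nothing is eval'd; the payload is only decoded and inspected.

// Constructed sample (placeholder address), encoded byte by byte.
const PLAIN = "document.write('<a href=\"mailto:webcontact@example.com\">Email Us<\\/a>');";
const encode = s => "eval(decodeURIComponent('" +
  Array.from(s, c => "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("") + "'))";
const SAMPLE = encode(PLAIN);

// Assumed wrapper shape: eval(decodeURIComponent('%xx%xx...'))
const WRAPPER = /^\s*eval\(\s*decodeURIComponent\(\s*(['"])((?:%[0-9a-fA-F]{2})+)\1\s*\)\s*\)\s*;?\s*$/;
// A single document.write call with one single-quoted string argument.
const WRITE = /^document\.write\('((?:[^'\\]|\\.)*)'\);?$/;
// The only output accepted as harmless: one anchor with a mailto: target.
const MAILTO = /^<a href="mailto:[^"<>\s]+">[^<>]*<\/a>$/;
// Markers that send the decoded text to a human instead.
const RISKY = [/<script/i, /<iframe/i, /\bon\w+\s*=/i, /javascript:/i, /\beval\s*\(/, /https?:\/\//i];

// Peel one encoding layer without running it.
function decodeLayer(script) {
  const m = WRAPPER.exec(script);
  if (!m) return null;
  try { return decodeURIComponent(m[2]); }
  catch (e) { return null; } // malformed UTF-8 sequence throws URIError
}

function triage(script) {
  const decoded = decodeLayer(script);
  if (decoded === null) return { verdict: "not-recognised", decoded: null };
  const w = WRITE.exec(decoded.trim());
  // Undo the JavaScript string escapes (\/ \" \') to recover the written HTML.
  const html = w ? w[1].replace(/\\(.)/g, "$1") : null;
  if (html !== null && MAILTO.test(html)) return { verdict: "benign-mailto", decoded };
  const hits = RISKY.filter(r => r.test(decoded)).map(r => r.source);
  return { verdict: "needs-review", decoded, hits };
}

console.log(triage(SAMPLE));
```

A "benign-mailto" verdict only says the decoded layer writes a single mailto anchor; anything else is returned with its decoded text for manual review.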