Author Topic: What malware is here? It sure is a PHISH!  (Read 2794 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
What malware is here? It sure is a PHISH!
« on: September 01, 2012, 07:06:19 PM »
See: http://zulu.zscaler.com/submission/show/d50ea9479c9d9fd447604ea98d8bc299-1346518414  nothing detected
See: http://urlquery.net/report.php?id=118853
Flagged by Bitdefender's Traffic Light as unsafe.
Detected escaped characters above (, %3A, %3F, %26, %2B, %2F, %2B, %2F, %....) decodes to something like -> :?&+/+/+/+////++//==@#@@#@@#@@#@@#@@#@  and iFrame source: htxp://targetedtopic.com/sk-pxbrdg.php?rdiu= X55g%3ADD4vV4fY.JvVDQ%3FJPzGb%26UPKB5fNBf5%2BRfJ3Nf' width= 0 height= 0 frameborder= 0>
See: http://www.mywot.com/en/scorecard/targetedtopic.com?utm_source=addon&utm_content=popup-donuts
PHISHING malware domdex search retargeting, see WOT flags:
http://www.mywot.com/en/scorecard/domdex.com?utm_source=addon&utm_content=popup-donuts
known blacklisted scam site,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
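The scan output quoted in the post above reports an iframe with zero width and height whose source carries percent-escaped characters. The following is an added example, not part of the original thread or of any scanner named in it, showing how a site owner could check a page for that pattern; the sample HTML, the `example.invalid` hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample: one normal embed plus two injected, invisible frames.
# Hosts under example.invalid and all parameter values are placeholders.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<iframe src="https://video.example.invalid/embed/1" width="560" height="315"></iframe>
<iframe src='http://redirector.example.invalid/gate.php?id=a%3Ab%3Fc%26d%2Be%2Ff' width=0 height=0 frameborder=0></iframe>
<iframe src="http://other.example.invalid/x" style="display: none"></iframe>
</body></html>"""

def _is_zero(value):
    """True for '0' or '0px'; False for a missing or non-zero size."""
    v = (value or "").strip().lower().removesuffix("px")
    return v.isdigit() and int(v) == 0

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        reasons = []
        if _is_zero(a.get("width")) or _is_zero(a.get("height")):
            reasons.append("zero-size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        if not reasons:
            return  # visible frame, nothing to report
        src = a.get("src") or ""
        parts = urlsplit(src)
        self.findings.append({
            "src": src,
            "host": parts.hostname,
            "escapes": len(re.findall(r"%[0-9A-Fa-f]{2}", src)),
            "decoded_query": unquote(parts.query),  # for analyst review only
            "reasons": reasons,
        })

def find_hidden_iframes(html):
    parser = HiddenIframeFinder()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `find_hidden_iframes()` over the rendered output of each template or over files such as `index.php`; any finding whose host is not one the site deliberately embeds deserves a closer look.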

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: What malware is here? It sure is a PHISH!
« Reply #1 on: September 01, 2012, 08:18:42 PM »

Offline polonus
Re: What malware is here? It sure is a PHISH!
« Reply #2 on: September 01, 2012, 09:56:59 PM »
Hi Pondus,

It is or was a JS/Kryptik.DA trojan download connection, it comes in index.php & wp-admin/index.php, and the hack has been with us since Nov. 2010,

polonus

Offline polonus
Re: What malware is here? It sure is a PHISH!
« Reply #3 on: September 02, 2012, 01:30:46 AM »
This malware infects websites via a Joomla exploit. Interesting read here: http://forum.joomla.org/viewtopic.php?p=1671912 (poster bydosangel)

polonus

Offline Pondus
Re: What malware is here? It sure is a PHISH!
« Reply #4 on: September 02, 2012, 06:39:12 PM »
Norman lab
Quote
At the time of analysis not found any hidden code, the page may be cleaned, we will monitor the page.