Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
unknown_html_RFI_eval not detected? pr*pellerp*p adware...
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: unknown_html_RFI_eval not detected? pr*pellerp*p adware... (Read 2142 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
unknown_html_RFI_eval not detected? pr*pellerp*p adware...
«
on:
February 26, 2013, 06:51:17 PM »
Not detected here:
http://wepawet.iseclab.org/view.php?hash=af9f5182a11c5fa906be32a0a542d2f9&t=1361899207&type=js
See:
http://vurldissect.co.uk/?url=1741975
Flagged here:
http://urlquery.net/report.php?id=1139375
->
http://www.urlvoid.com/scan/letitbit.net/
Heuristical detections:
http://www.malwareblacklist.com/searchClearingHouse.php?search=letitbit.net
(lot of malware closed)
PHISH detection:
http://support.clean-mx.de/clean-mx/view_evidence?id=9464198&table=viruses
Quttera detects a potentially suspicious files: 1
/js/jquery-1.8.3.min.js
Severity:
Potentially Suspicious
Reason:
Detected procedure that is commonly used in suspicious activity.
Details:
Too low entropy detected in string [['=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26async=%26=%26=%26=%26=%26=%260=%26=%26=%26=%26=%26=%260=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%260=%26=%26']] of length 548 which may point to obfuscation or shellcode.
Propellerpops can be adblocked via the easylist:
http://tamperdata.mozdev.org/source/browse/adblockplus/www/easylist/liste_fr%2Beasylist.tpl?annotate
See: propellerpops dot com/apu.php?zoneid=1862&lim=0&element=link&cb=259902949445&lbwm=22297&lbhs=a5e4fc081fd4fa76129ef792bc665ec2512cf49f benign
[nothing detected] (script) propellerpops dot com/apu.php?zoneid=1862&lim=0&element=link&cb=259902949445&lbwm=22297&lbhs=a5e4fc081fd4fa76129ef792bc665ec2512cf49f
status: (referer=letitbit dot net/download/89552.8bb3dd581ee59f1f3871fe8a4cb5/drevo.part1.rar.html)saved 10919 bytes 53e27990b4df937e43b2a69588dfa2a66f0ac9cb
info: [decodingLevel=0] found JavaScript
error: undefined function doc[add]
error: undefined variable add
suspicious:
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
unknown_html_RFI_eval not detected? pr*pellerp*p adware...