« previous next »
Pages: [1]   Go Down

Author Topic: Only Google Safebrowsing protecting us from HTML/Drop.Agent.AB?  (Read 1215 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33939
  • malware fighter
Only Google Safebrowsing protecting us from HTML/Drop.Agent.AB?
« on: September 29, 2014, 04:32:55 PM »
See: https://www.virustotal.com/nl/url/4d385bd654c19c6185acf91a00973d844ede3face7f4dd7507cbfabbade91375/analysis/1412000182/
and detected here: http://quttera.com/detailed_report/brasilconect.net
/index.html
Severity:   Malicious
Reason:   Detected reference to blacklisted domain
Details:   Detected reference to malicious blacklisted domain wXw.brasilconect.net
File size[byte]:   128312
File type:   HTML
Page/File MD5:   933E6853C79EE58C90B145AED3490058
Scan duration[sec]:   0.075000

Potentially harmful site compromised: IP badness history: https://www.virustotal.com/nl/ip-address/187.17.98.129/information/
Nothing here: http://urlquery.net/report.php?id=1412000750249

Code hick-up:
ine:21: SyntaxError: missing ; before statement:
          error: line:21: Set FSO = CreateObject("Scripting.FileSystemObject")
          error: line:21: ^
     error: line:20: SyntaxError: XML tag name mismatch (expected link):
          error: line:20: </head>
          error: line:20: ..^
This blocked by Google as with malware: http://brasilconect.net/Scripts/swfobject_modified.js

And no-break spaces in code found benign to hold elements together or create multiple spaces!

pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37626
  • Not a avast user
Re: Only Google Safebrowsing protecting us from HTML/Drop.Agent.AB?
« Reply #1 on: September 29, 2014, 05:35:17 PM »
« Last Edit: September 29, 2014, 06:15:52 PM by Pondus »
Logged
Pages: [1]   Go Up
« previous next »