« previous next »
Pages: [1]   Go Down

Author Topic: Defaced website with javascript malware blocked by Browser JS Guard extension!  (Read 1064 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34038
  • malware fighter
Defaced website with javascript malware blocked by Browser JS Guard extension!
« on: November 17, 2015, 01:38:46 AM »
See: http://killmalware.com/scrolllock.hu/#   T-Mobile Czech Republic a.s. abuse!
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fscrolllock.hu
Detected libraries:
jquery - 1.6.2 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code

Detection missed: http://urlquery.net/report.php?id=1447720394938
Sucuri has it: Known javascript malware. Details: http://sucuri.net/malware/entry/MW:IFRAME:HD28

Malware: -https://www.malwaretracker.com/pdfdata.php?sha256=7bca90caeafafc6c7c96c9c60941d65c9701bd950277b2bad57d46a67b42546a&obj=75&gen=0&dup=814122&type=decoded Memory dump of where the webpages are stored....
index.html
Severity:   Malicious
Reason:   Detected malicious PHP content
Details:   Website Potentially Defaced

polonus
« Last Edit: November 17, 2015, 01:51:15 AM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »