Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Does avast detect script-blogfa-js?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Does avast detect script-blogfa-js? (Read 2409 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Does avast detect script-blogfa-js?
«
on:
February 20, 2011, 05:50:43 PM »
The malware is at: htxp//mythemes.ir/t33/script-blogfa.js
Nothing found here:
See:
http://www.virustotal.com/url-scan/report.html?id=c519849105caf7b6da391526c04a3740-1298216531
Flagged here:
See malware details:
http://sucuri.net/malware/entry/MW:IFRAME:HD28
,
Javascript encoding used to hide a malicious iframe
For the script also: htxp://jsunpack.jeek.org/dec/go?report=baa5633ff787981a08c2aca676b72228e71d9b5a
(given as benign, see attached)
Look here:
http://vscan.urlvoid.com/analysis/d7ac7863baf6d63ec18b39db8aaaf1ef/c2NyaXB0LWJsb2dmYS1qcw==/
polonus
«
Last Edit: February 20, 2011, 06:08:09 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus
Probably Bot
Posts: 37700
Re: Does avast detect script-blogfa-js?
«
Reply #1 on:
February 20, 2011, 07:08:32 PM »
Nope, only Avira detect
VirusTotal - script-blogfa.js -
1
/43
http://www.virustotal.com/file-scan/report.html?id=a082c59b50022dad5fdd2a637bd03799444663d8240d67d79724e6a26655b584-1298225202
Also malware reported by Sucuri Scanner
«
Last Edit: February 20, 2011, 07:41:04 PM by Pondus
»
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Does avast detect script-blogfa-js?
«
Reply #2 on:
February 20, 2011, 07:25:01 PM »
Hi Pondus,
Check here:
http://rexbd.net/validator/index.php?url=http
...
Look here:
http://wepawet.iseclab.org/view.php?hash=c519849105caf7b6da391526c04a3740&t=1298226589&type=js
(crypto)
It would be better if this heuristic script was found proactively by avast, because afterwards it has to be cleansed from the browser cache (or removed from user/app data) and one could be in need a flash desinfection routine. It is always a good habit for users to go and give their user file. e.g.: Computer: users : username etc. a thorough scan once in a while. I personally found up a couple of issues after a full scan, after using malzilla.
For that reason it is also a good procedure to clean up after a browser session,
polonus
«
Last Edit: February 20, 2011, 07:37:54 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
spg SCOTT
Guest
Re: Does avast detect script-blogfa-js?
«
Reply #3 on:
February 20, 2011, 07:55:32 PM »
I have submitted this script to avast via the chest, with a link included.
Pol, be sure to check the malzilla settings to clear cache on exit
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Does avast detect script-blogfa-js?
«
Reply #4 on:
February 20, 2011, 08:59:59 PM »
Hi spgSCOTT,
Thanks for the tip, but the settings are set that way. First instance it had run it sandboxed and then you also have to empty the contents of the sandbox, thanks for submitting the script,
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Omid Farhang
Frontend Developer
Avast Evangelist
Super Poster
Posts: 1660
I wish I could write longer personal text!!
Re: Does avast detect script-blogfa-js?
«
Reply #5 on:
February 20, 2011, 11:12:13 PM »
Nice to see malwares from Iran!
Logged
Twitter: OmidFarhangEn - OS: Manjaro KDE
Pondus
Probably Bot
Posts: 37700
Re: Does avast detect script-blogfa-js?
«
Reply #6 on:
February 21, 2011, 07:38:22 AM »
NORMAN analysis confirms it is malware
Quote
script-blogfa.js : Processed -
JS/Agent.KA
Logged
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Does avast detect script-blogfa-js?