Author Topic: avast! Web Shields detects remnants of code in a write-up.  (Read 1705 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34066
  • malware fighter
« on: February 27, 2013, 06:42:01 PM »
Going here to this blog: htxp://blog.crysys.hu/2013/02/miniduke/ (link article author = admin), I got an avast! Web Shield alert for BV:Persistence-A[Trj] on http://blog.crysys.hu/feed/. Going there with a file viewer, I get the same alert for http:/../?tgt=htxp%3A%2F%2Fblog.crysys.hu%2Feed%2ref_se
Probably enough of the miniduke code (total size only 20kb) is being exposed there to launch the avast! Web Shield alert. However, there cannot be any payload from a write-up on miniduke like with "the real McCoy". avast! Web Shield detects miniduke, that's for sure. Funny that here there seems to be no flag: http://vurldissect.co.uk/?url=1742177
Just on a side note, when I have NoScript active there is no alert from the avast! Web Shield...

polonus
« Last Edit: February 27, 2013, 06:47:55 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!