Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Another hacked site....
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Another hacked site.... (Read 1139 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33946
malware fighter
Another hacked site....
«
on:
November 30, 2014, 06:38:13 PM »
See:
http://killmalware.com/proimmigration.co.uk/
See Sucuri detect this:
http://sitecheck.sucuri.net/results/proimmigration.co.uk/
The probably compromise described:
https://github.com/harite/PHPDDOS/blob/master/index.php
in Document (title),
action script like htxp://www.leejoo.nl/java/backgrounds/sesam_open_u.htm
and consider: htxp://juristr.com/blog/2014/09/hack-mimic-disabled-checkboxes/
Not available link: htxp://www.hollymellodic.com/file/img/266.png
Is this downloader detected by our avast av? See:
https://www.virustotal.com/en/file/9071ecc86a27684a1c36451173d900dab88e9c4be2f621e725c3862310ca75fd/analysis/1342310478/
external link: htxp://nl.tinypic.com/view.php?pic=2zq5ut5&s=5
Malware on IP now dead:
http://www.wgpremium.cn/clean-mx/viruses.php?review=212.1.215.54&sort=id%20DESC
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33946
malware fighter
Re: Another hacked site....
«
Reply #1 on:
November 30, 2014, 06:50:59 PM »
Lots of scanners miss this defacement hack:
https://app.webinspector.com/public/reports/27239997
and this one missed it:
http://zulu.zscaler.com/submission/show/6260c1fe4cee53955a94d5848c4d8da8-1417369419
and this one:
http://www.isithacked.com/check/http%3A%2F%2Fproimmigration.co.uk
The one that detected it via the spam check was Websicherheit security tool:
Suspicion of Spam/Defacement
";tb5_messages[1] = "
--=[hacked by -= [3xp1r3 cyber army] =-
";tb5_rpttype = 'infinite';tb5_rptnbr = 20;tb5...
blocked for me is this Indonesion script upload: htxp://www.switchsystems.ie/quinn/upload/Script.txt
& htxp://sedefeczadeposu.com/index.html---
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Another hacked site....