Author Topic: StumbleUpon Virus  (Read 6975 times)


Purrington

  • Guest
StumbleUpon Virus
« on: April 16, 2012, 12:40:25 PM »
Every time I try to go to hxxp://www.StumbleUpon.com I get a notice from Avast that Avast has blocked a Virus.

How can I enter this site without getting a virus?

Is there a way I can set it up so I can only open StumbleUpon in "Avast Sandbox?"

Any assistance will be appreciated.

Thank you
« Last Edit: April 16, 2012, 01:53:52 PM by igor »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89118
  • No support PMs thanks
Re: StumbleUpon Virus
« Reply #1 on: April 16, 2012, 12:50:11 PM »
No alert on the home page when I visited, Firefox 11.0.

You can't specifically open it in the avast sandbox unless you have the avast! Pro or AIS version; then you could sandbox your browser. But even then, if you were to get an alert, avast would act in the same way and alert, blocking what it considered malicious.

If you can post a screenshot of just the avast alert, we can see where and what it is alerting on.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: StumbleUpon Virus
« Reply #2 on: April 16, 2012, 01:46:11 PM »
Hi DavidR,

When I try to open up in Google Chrome being directed via http://zulu.zscaler.com/submission/show/a97109c3875899bbbfbd502db9011bf0-1334575962
which redirect comes from Cloudflare
Scanned with DrWeb URL Checker goes: Checking: htxp://b9.sustatic.com/hJITegTR4elcQ-cmFpNwuQ
File size: 61.79 KB
File MD5: 8492137a04d1e1e95c43e726169370b9

htxp://b9.sustatic.com/hJITegTR4elcQ-cmFpNwuQ - Ok

Checking: htxp://b9.sustatic.com/7oG6xi6K6E-OtJyhUesshg
File size: 172.02 KB
File MD5: ee81bac62e8ae84f8eb49ca151eb2c86

htxp://b9.sustatic.com/7oG6xi6K6E-OtJyhUesshg - archive JS-HTML
>htxp://b9.sustatic.com/7oG6xi6K6E-OtJyhUesshg/JSTag_1[139e0][17632] - Ok
hxtp://b9.sustatic.com/7oG6xi6K6E-OtJyhUesshg - Ok

Checking: htxp://b9.sustatic.com/lYhRyyGo0MjaX5xyfDZmWw
File size: 3376 bytes
File MD5: 958851cb21a8d0c8da5f9c727c36665b

hxtp://b9.sustatic.com/lYhRyyGo0MjaX5xyfDZmWw - Ok
But what is in the code this goes to -> StumbleUpon —
Quote
Looks like there's a problem
htxp://cdn.stumble-upon.com/i/error/sfe/bunnies.png?v=1
But don't worry, we're working on it,
We're working quick like a bunny to fix it, and everything will be back to normal soon.

Checking: htxp://www.stumbleupon.com/
Engine version: 7.0.1.2210
Total virus-finding records: 2797968
File size: 6704 bytes
File MD5: df7a97c071d43d728cecfe90bbf1395e

htxp://www.stumbleupon.com/ - archive JS-HTML
>htxp://www.stumbleupon.com//JSTAG_1[5a7][2a8] - Ok
>htxp://www.stumbleupon.com//JSTAG_2[1673][18a] - Ok
>htxp://www.stumbleupon.com//JSTAG_3[182b][186] - Ok
htxp://www.stumbleupon.com/ - Ok

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

Re: StumbleUpon Virus
« Reply #3 on: April 16, 2012, 01:50:31 PM »
Well, I allowed sustatic.com (StumbleUpon static) in NoScript and RequestPolicy and still no alerts in Firefox.

Presumably you wouldn't have got any Google Safe Browsing alerts in Chrome either?

Offline polonus

Re: StumbleUpon Virus
« Reply #4 on: April 16, 2012, 02:04:46 PM »
Hi DavidR,

I was only checking via "cold reconnaissance" so to say, never go out there live. Did not open up directly in GoogleChrome but simulated GoogleChrome with Zulu Zscaler in the advanced options, choosing that user agent.
You remember probably that MBAM also recently reported various CloudFlare issues, where malversants tried to abuse their service.
Need not be the case here with b9.sustatic dot com, but avast seems to be rather accurate in these cases and let us thank the developers of the product for protecting us in such way. Now when I opened up directly with GoogleChrome via GoogleChrome Privacy Guard, nothing out of the ordinary, site is secure according to my password fail extension, so the site does not store passwords in plain text form, no alerts whatsoever.

polonus


baterya

  • Guest
Re: StumbleUpon Virus
« Reply #5 on: May 05, 2012, 03:45:30 AM »
I think I am having a similar problem.

It is when I put a link from a particular blog and put it in StumbleUpon and Facebook...
Avast is giving a warning that there is malware and this is what the page is showing:

This webpage is not available
The webpage at http://10maiuaw.serveusers.com/ might be temporarily down or it may have moved permanently to a new web address.
Error 103 (net::ERR_CONNECTION_ABORTED): Unknown error.

sample of the link I am talking about below:

Facebook

http://www.facebook.com/l.php?u=http%3A%2F%2Fiskrambol.com%2F2012%2F04%2F23%2Fa-different-view-of-the-eiffel-tower%2F&h=SAQEbkmWjAQFQ25-7qIKvuY_bF1IEzUf8CSN-gG_quESubw&enc=AZPNpziNn7rpiR2E6eSUkc1l8tN344nmmXPkfw2pyFVdFJrkEviApDPkDbWjGU3IO-fYo0LaSGf-t_mvQ8IMxOWM7Sg4XHtcz0FqSp9vJgvuuQ

from stumble upon

http://www.stumbleupon.com/su/27QFvs/iskrambol.com/2012/04/23/a-different-view-of-the-eiffel-tower/

Both of them show that message.

But if I enter directly from the site http://iskrambol.com there is no malware notification.

I am confused, please advise.

thanks
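
The difference described in the post above (a warning when arriving through the Facebook and StumbleUpon links, none on a direct visit) can be checked from a safe machine by requesting the same page with different Referer headers and comparing the responses. This is an added example, not part of the thread; it assumes the behaviour depends on the Referer header, which the thread does not confirm, and the function names, placeholder hosts and `constructed_fetch` responses are constructed for illustration.

```python
"""Added example: compare one URL's response across Referer headers."""
import http.client
from urllib.parse import urlsplit

def fetch_once(url, referer=None, timeout=10):
    """One GET, redirects not followed; returns (status, Location header)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", target, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def referer_differences(url, referers, fetch=fetch_once):
    """Map each referer whose response differs from a direct visit to that response."""
    baseline = fetch(url, None)          # direct visit: no Referer header
    diffs = {}
    for ref in referers:
        result = fetch(url, ref)
        if result != baseline:
            diffs[ref] = result
    return diffs

def off_site(url, location):
    """True when a Location header points at a different host than the page."""
    host = urlsplit(location or "").hostname   # None for relative targets
    return host is not None and host.lower() != urlsplit(url).hostname.lower()

# Constructed sample data: placeholder hosts, not the sites from the thread.
PAGE = "http://blog.example/2012/04/23/post/"
REFERERS = ["http://www.facebook.com/", "http://www.stumbleupon.com/",
            "http://forum.example/"]

def constructed_fetch(url, referer=None):
    """Stand-in for fetch_once: mimics a page that redirects social-media referrals."""
    if referer and ("facebook.com" in referer or "stumbleupon.com" in referer):
        return 302, "http://redirect.example/"
    return 200, None

if __name__ == "__main__":
    for ref, (status, loc) in referer_differences(PAGE, REFERERS, constructed_fetch).items():
        print(f"{ref}: {status} -> {loc} [{'OFF-SITE' if off_site(PAGE, loc) else 'same site'}]")
```

The comparison only sees HTTP-level redirects; a redirect performed by script in the page body would need the response bodies compared as well.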

Offline polonus

Re: StumbleUpon Virus
« Reply #6 on: May 05, 2012, 04:36:34 PM »
Hi baterya,

That site has an outdated WordPress version-> http://sitecheck.sucuri.net/results/http://iskrambol.com/
and is therefore vulnerable. The web admin should be informed about the risks he and his eventual visitors could run.
Just updating won't do, first any eventual malware should be cleansed, else
the malcode is re-installed together with the updated software,

polonus

nimd4

  • Guest
Re: StumbleUpon Virus
« Reply #7 on: July 04, 2012, 05:20:27 PM »
sitecheck.sucuri.net/

Nice link there, tnx. Btw., robtex.com/ is also neat; can show if the site's been hijacked:

Code: [Select]
http://www.robtex.com/dns/sustatic.com.html#summary
Code: [Select]
http://www.robtex.com/dns/stumbleupon.com.html#summary
The other two connections @ stumbleupon.com are 2: google-analytics.com & scorecardresearch.com (both blocked with NoScript on my Firefox)

P.S.
I've just found a site called (no idea wth is all that about):

Code: [Select]
stumble-upon.com/
« Last Edit: July 04, 2012, 05:37:16 PM by nimd4 »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5639
  • Spartan Warrior
Re: StumbleUpon Virus
« Reply #8 on: July 05, 2012, 09:52:46 AM »
Additional info re stumble-upon here:  http://urlquery.net/report.php?id=82728
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline polonus

Re: StumbleUpon Virus
« Reply #9 on: July 05, 2012, 01:28:31 PM »
Very good contribution there, thanx mchain, also look here for reference:

Interesting, also see here from http://osvdb.org/browse
: htxp://129.81.224.37/base_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB

polonus