Avast community forum
Topic: Ambiguous query terms found? (Read 1949 times)
polonus
Avast Überevangelist
Probably Bot
Posts: 33885
malware fighter
Ambiguous query terms found?
« on: July 17, 2012, 09:11:08 PM »
See:
http://zulu.zscaler.com/submission/show/78e6d9ea7fd8cb82dd0e904b36d39624-1342551094
See:
http://zulu.zscaler.com/submission/show/77882267cc1085f18f83273df9ef6372-1342551319
See:
http://zulu.zscaler.com/submission/show/d9664f0b41aba50ae531d98b7ff21029-1342551420
Nasty ads script not-out-of-the-box VBulletin code running on port "37935" is suspicious: -> htXp://127.0.0.1:37935/xpopup.js
(inserting some security JS?)
IP has live PHP shell code malware
Certainly PHISHING going on:
http://urlquery.net/report.php?id=94374
AS has malicious URLs? Yes
...badware? Yes
...botnet C&C servers? Yes
...exploit servers? No
...Zeus botnet servers? Yes
...Current Events? Yes
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
!Donovan
Web Analyst
Avast Evangelist
Super Poster
Posts: 2219
Re: Ambiguous query terms found?
« Reply #1 on: July 17, 2012, 09:44:01 PM »
See my PM
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
polonus
Avast Überevangelist
Probably Bot
Posts: 33885
malware fighter
Re: Ambiguous query terms found?
« Reply #2 on: July 17, 2012, 11:21:31 PM »
More about the nature of the scan can be concluded from this:
http://urlquery.net/report.php?id=94210
Known RBN IP, to what the nature of the 404's were that we found.
I have reason to assume that on that Vietnamese site once there was detected PHP:Agent-HK[Trj] malware in ->/plugins/content/avreloaded/silverlight.js
avast Web Shield will alert to this {gzip} as PHP:Agent-HK[Trj] ...
And here we have what serious injection vulnerability could have been abused:
http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/3955
link author Fritz Elfert (or in combination with a more recent Joomla vulnerability)
polonus
« Last Edit: July 17, 2012, 11:33:53 PM by polonus »