Topic: How Dangerous Is "relellre.4pu.com" (Read 5093 times)
baumgrenze
Jr. Member
Posts: 35
How Dangerous Is "relellre.4pu.com"
« on: September 29, 2012, 06:11:18 AM »
I tried opening this website http://www.fpcwhiteville.org/
Several times it was blocked by Avast with the warning "Malicious URL Blocked."
avast! Network Shield has blocked a harmful site
Object: http://relellre.4pu.com
Infection: URL:Mal
Process: C:\Program Files\SeaMonkey\seamonke.exe
Just now it was allowed to open. Last time I tried there was an attempted redirect to "http://relellre.4pu.com"
Has anyone any idea how harmful this site might be?
Thanks,
baumgrenze
CraigB
Avast Überevangelist
Serious Graphoman
Posts: 11239
No support PM's thanks
Re: How Dangerous Is "relellre.4pu.com"
« Reply #1 on: September 29, 2012, 07:21:28 AM »
Please don't post live malicious links as there is always bound to be someone that will click on these, change http to hxxp.
Pondus
Probably Bot
Posts: 37527
Not a avast user
Re: How Dangerous Is "relellre.4pu.com"
« Reply #2 on: September 29, 2012, 10:52:03 AM »
Website is infected:
http://sitecheck.sucuri.net/results/www.fpcwhiteville.org/
Seems none is detecting the malware yet:
https://www.virustotal.com/file/eb75a883621ea95b037ced4a530909d100c06b6283e8ec6432b5b7f31799a7ca/analysis/1348908813/
Norton Safe Web:
http://safeweb.norton.com/report/show?url=relellre.4pu.com
« Last Edit: September 29, 2012, 11:02:08 AM by Pondus »
polonus
Avast Überevangelist
Probably Bot
Posts: 33895
malware fighter
Re: How Dangerous Is "relellre.4pu.com"
« Reply #3 on: September 30, 2012, 07:28:02 PM »
Like to thank Pondus for reporting this, our friend, !Donovan, for his in-depth analysis of the malcode at hand.
See: http://websiteanalystsresource.wordpress.com/2012/09/29/updated-51la-malware-no-antivirus-detects/
I will add some additional information why the site has been hacked in the first place and got infected through blackhat-seo-spam.
This malware is mostly coming from China.
Read on (links thanks to Sucuri info, article by fioravante souza, and zen-cart-wiki and of course !Donovan's article).
Again a victim from an outdated WP version that made the site vulnerable to a PHP eval hack.
How it was being performed read here: http://blog.unmaskparasites.com/2012/05/18/careless-webmasters-as-wordpress-hosting-providers-for-spammers/
and here: http://blog.sucuri.net/2012/08/sitecheck-got-blackhat-seo-spam-warning.html
About recovering from hacks: http://www.zen-cart.com/wiki/index.php/Recovering_From_Hacks
(info available from Zen Cart® project)
OK, first priority in all these cases is to keep the website software fully updated, patched and checked,
polonus
« Last Edit: September 30, 2012, 08:15:25 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!