Author Topic: Rogue/Fake/Malicious - Chrome Extension  (Read 2535 times)

Offline chabbo

  • Full Member
  • ***
  • Posts: 175
Rogue/Fake/Malicious - Chrome Extension
« on: February 03, 2013, 02:47:46 PM »
http://anubis.iseclab.org/?action=result&task_id=1e03a4342a4f7e4345d76bbf22594957a&format=html


Google chrome Browser detected virus (virus Detected)
Transmitted virus web Browser  must be Uninstalled.


xxx.facebooksistem.net

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Rogue/Fake/Malicious - Chrome Extension
« Reply #1 on: February 03, 2013, 09:57:25 PM »
Suspicious activity detected here: http://quttera.com/detailed_report/www.facebooksistem.net
Blacklisted here: http://www.siteadvisor.com/sites/facebooksistem.net
Recent issues reported here: http://urlquery.net/report.php?id=927177
This is not on the server: hXtp://www.facebooksistem.net/izle%2Bwww.facebooksistem.net/izle&oe=utf-8&hl=en&ct=clnk was not found on this server
and Google Chrome message:
Quote

Google Chrome Tarayıcınızda Virüs Algılandı ( Virus Detected )

Web Tarayıcınıza Bulaşan Virüsü Kaldırmamız Gerekmektedir.

Bu Nedenle, Virüsü Temizle butonuna basınız, daha sonra ekle butonuna tıklayın. Virüs Temizlendikten Sonra, Sorunsuzca Gezebileceksiniz..

13 Kişi Kullandı!
Virüsü Temizle

translating to:

A virus was detected in your Google Chrome browser (Virus Detected)

The virus transmitted to your web browser must be removed.

For this reason, press the "Clear Virus" button, then click the "Add" button. After the virus has been cleaned, you will be able to browse without trouble.

13 people used it!

Clear Virus

You are better advised not to click. See: https://www.virustotal.com/url/bf2819e241148056613e68e6972ce922678c5076f6feec8c724a08eeb900a0d1/analysis/


polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Rogue/Fake/Malicious - Chrome Extension
« Reply #2 on: February 03, 2013, 10:08:37 PM »
NoScript blocks from the above warning site are:
[[amung.us]]
htxps://chrome.google.com/webstore/detail/igchpfdejfmbakddbicgjmpeolbeliba  *
hxtp://www.expertcoder.nazuka.net/topluca.xpi *
htxp://www.facebooksistem.net/izle/error.php +
htxp://widgets.amung.us/tab.js

* this must be because of that mal-extension...
See for webcode: http://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.facebooksistem.net%2Fizle%2F&ref_sel=Google&ua_sel=ff
(For security analysis use only, use with NoScript active and in a VM).
and: http://vurldissect.co.uk/default.asp?url=http%3A%2F%2F%2Fwww.facebooksistem.net&btnvURL=Dissect&selUAStr=1&selServer=1&ref=&cbxSource=on&cbxBlacklist=on
+ new hack attempt: http://forums.oscommerce.com/topic/377065-is-this-a-new-hack-attempt-errorsphperrorhttp/ (thread posted by GothicBeast)
probably created via a security exploit in PHP/5.3.3

polonus
« Last Edit: February 03, 2013, 10:42:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
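
Added example, not part of the original thread or any poster's own tooling: an offline triage of the resources listed in Reply #2 that separates the two browser-extension install vectors (the Chrome Web Store item and the .xpi file) from ordinary page and script loads. The function names are assumptions of this example; the URLs stay defanged as posted and are only parsed, never fetched.

```python
import re
from urllib.parse import urlsplit

# Resources NoScript blocked, copied as posted in Reply #2 (schemes defanged).
BLOCKED = [
    "htxps://chrome.google.com/webstore/detail/igchpfdejfmbakddbicgjmpeolbeliba",
    "hxtp://www.expertcoder.nazuka.net/topluca.xpi",
    "htxp://www.facebooksistem.net/izle/error.php",
    "htxp://widgets.amung.us/tab.js",
]

# Defanged spellings seen in the thread: hXtp, htxp, hxtp, htxps.
_DEFANGED = re.compile(r"^h[tx]{2}p(s?)://", re.IGNORECASE)
# Chrome extension IDs are 32 characters from a-p; a name segment may precede.
_CHROME_ID = re.compile(r"^/webstore/detail/(?:[^/]+/)?([a-p]{32})/?$")


def refang(url):
    """Restore the scheme so the URL can be parsed. Nothing is fetched."""
    return _DEFANGED.sub(lambda m: "http" + m.group(1).lower() + "://", url.strip())


def classify(url):
    """Return (kind, detail) for one blocked resource."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if host == "chrome.google.com":
        match = _CHROME_ID.match(path)
        if match:
            return "chrome-extension", match.group(1)
    if path.endswith(".xpi"):
        return "firefox-xpi", host
    if path.endswith(".js"):
        return "script", host
    return "page", host


def install_vectors(urls):
    """Keep only entries that would prompt a browser extension install."""
    kinds = {"chrome-extension", "firefox-xpi"}
    return [(u, *classify(u)) for u in urls if classify(u)[0] in kinds]


if __name__ == "__main__":
    for url, kind, detail in install_vectors(BLOCKED):
        print(f"{kind:17} {detail:34} {url}")
```

The extension ID and the .xpi host it prints are the values to search for in browser profiles and proxy logs when checking whether anyone followed the prompt.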