Topic: This fake Intuit s p a m leads/led to malware on forumligandaz dot ru (Read 2562 times)
polonus (Avast Überevangelist, malware fighter) « on: February 26, 2013, 10:10:58 PM »
See: http://urlquery.net/report.php?id=1130297
IDS alert for XPLOIT-KIT Blackhole v2 landing page - specific structure
see attached image of browser specific malcode (IE and fx only)
see: https://www.virustotal.com/en/url/9470dfda27a722d566219310421cc00586fb87c84be17d644bf1972f4f33ffc8/analysis/1361911866/
Read the write-up on this so-called Intuit spam: http://blog.dynamoo.com/2013/02/intuit-spam-forumligandazru.html (link article author = Conrad Longmore)
Avast does not block: htxp://forumligandaz.ru:8080/forum/links/column.php (-> http://whoistory.com/2013/02/17/forumligandaz.ru.html )
But with file viewer I get: Your server has refused the connection from the File Viewer! for the above URL....
Luckily does not seem to resolve: HTTP/1.1 502 Bad Gateway
Server: nginx/1.0.10 IP 31.200.240.153 nada here: http://www.ipvoid.com/scan/31.200.240.153/
Date: Tue, 26 Feb 2013 21:07:22 GMT
Content-Type: text/html; charset=CP-1251
Connection: close
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
polonus
« Last Edit: February 26, 2013, 10:13:35 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus « Reply #1 on: February 26, 2013, 11:57:20 PM »
Jotti: http://virusscan.jotti.org/en/scanresult/1cc741f29c5d32bf4e15319aa2157b480dbc33d0
polonus (Avast Überevangelist, malware fighter) « Reply #2 on: February 27, 2013, 12:01:28 AM »
Thank you, Pondus.
So we have detection as avast detects this as JS:Redirector-AFO,
polonus
P.S. Remember we have been looking into that malcode last November: http://forum.avast.com/index.php?topic=110553.0
« Last Edit: February 27, 2013, 12:04:35 AM by polonus »