Author Topic: Good blocking from the avast! Network Shield  (Read 2346 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
Good blocking from the avast! Network Shield
« on: April 01, 2013, 10:37:55 PM »
See: http://urlquery.net/report.php?id=1737479
avast! Network Shield blocks this url as URL:Mal
Not detected here: http://evuln.com/tools/malware-scanner/http%3A%2F%2Fnacha-updates.org%2Fnews%2F04012013.php/
Given benign: http://zulu.zscaler.com/submission/show/fa74c5c2556cc4adcc4754d51bd15e62-1364848245
Malcode on site blocked as JS:Downloader-CBM[Trj] by avast! Web Shield...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Good blocking from the avast! Network Shield
« Reply #1 on: April 01, 2013, 10:40:02 PM »
It is almost unbelievable, but missed here: http://www.urlvoid.com/scan/nacha-updates.org/
and here: http://sitecheck.sucuri.net/results/nacha-updates.org/
but detected here thrice: 0d020f64195e6134f6527c5443badea3f1f5eb54fb2576d7c4e7a08a698bc356
url after redirection -> {"timestamp": "1364848995", "sha256": "31a4aed87c1f85cc45e234c76ecf0ae068cfaa797f3c29acbeb031e68359140c", "analysis_url": "/en/url/31a4aed87c1f85cc45e234c76ecf0ae068cfaa797f3c29acbeb031e68359140c/analysis/1364848995/", "result": 1, "verbose_msg": "Invalid URL"}
see: http://www.mywot.com/en/scorecard/nacha.org?utm_source=addon&utm_content=popup-donuts (Indian bot interference?)

pol
« Last Edit: April 01, 2013, 10:48:43 PM by polonus »

Offline polonus

Re: Good blocking from the avast! Network Shield
« Reply #2 on: April 01, 2013, 11:38:33 PM »
Here follows a good observation from our forum friend Pondus on how shortened urls are brought into play by the malcreants:
Quote
if one uses the short url  (-http://nacha-updates.org)  you get this...nada and IP in Korea
http://urlquery.net/report.php?id=1737949
http://sitecheck.sucuri.net/results/nacha-updates.org

using the full url  (-http://nacha-updates.org/news/04012013.php)  then IP is changed to South Africa
http://urlquery.net/report.php?id=1737957
http://sitecheck.sucuri.net/results/nacha-updates.org/news/04012013.php   and sucuri now sees a redirect

Pondus, thanks for these observations. Website analysts should be aware of these "uri-games"...

polonus
