Other > Viruses and worms

Redirect attempt a malware?

<< < (2/2)

avastreally?:

--- Quote from: mchain on April 28, 2013, 07:10:53 PM ---
--- Quote from: avastreally? on April 28, 2013, 12:19:57 AM ---
--- Quote from: mchain on April 27, 2013, 10:16:56 PM ---hi avastreally?,

Your link redirects to here:  http://urlquery.net/report.php?id=2209608  to SoftLayer Technologies.

Click upper-right for screenshot of redirect.

It might help to use AdBlock Plus add-on to block annoying or malicious ads or use NoScript in your browser.

I assume you mean the link is blacklisted?

[EDIT:]  Virus Total URL scan:  https://www.virustotal.com/en/url/84ea93c721a7d5f05a882a9ce0de05ccbf1f81ae237c6d4fdecc4476aa643806/analysis/1367093964/

--- End quote ---
Thanks @mikaelrask
hey @mchain

...but i was wondering why it came up as i have used that site many times(i read it page by page everyday) and all of a sudden it has redirects , which made me thing something else was at work here
can you recommend another script blocker for chrome? or the one i have is good enough?
i dont visit bad site as i have world of trust (WOT) and bitdefender traffic light (though i want to submit a false positive to bitdefender but the forum would not let me sign up)
 i would like to congrats avast for doing a good job of blocking it ( as its new and other places have it as ok but avast still blocked it (reliable :) )
any more advice? (i already did avast, malwarebytes and superantispyware scan)

--- End quote ---
Even well-known and reputable sites can get hacked with unwanted and malicious links that redirect to sites outside of the webpage you are currently viewing.  That fact alone is why polonus will take the time to chase and track down where the malware originates from; this sort of malware linking is beyond a user's control as the website owner needs to be notified of the issue.  Doing so will make the site safer and help protect other visitors from any malware attacks as well as protect the reputation of the website.

You'll note that the malicious link started with a .jpeg and ended with a redirect to SoftLayer Technologies.  AdBlock Plus will take care of that by blocking the .jpeg from even downloading to the page you are viewing and you should not even be affected.  The add-on does work in Chrome:  http://adblockplus.org/en/chrome  but you should know Google is now actively discouraging its use and possibly blocking install of it.  I already have it installed, so...

As an aside, unless a website requires https://, do not use secure http: unless the site requires it.  Online banking sites require this.  Avast! WebShield cannot scan https:// for malware, just so you know.  Forcing sites not designed for https:// to run as htttps:// will not result in increased security, but less, as WebShield cannot monitor the secure connection.

Kudos for avast!   ;D

--- End quote ---
Thanks for your time and detailed help, i have contacted the admin, hopefully this is resolved soon
 o/

mchain:
You're welcome.

polonus:
Looking at it with Redleg's FileViewer, I get a redirect to: Location: htxp://waihuizhifu.com/images/124.gif
which on it it's turn give this redirect: The location line in the header above has redirected the request to: htxp://mbm999.info/1.gif (see attached)
Same IP had this IDS alert on domain: ET POLICY Maxmind geoip check to /app/geoip.js
which is a Fraudulent IP abuse IDS detection....

Navigation

[0] Message Index

[*] Previous page

Go to full version