Author Topic: unknown html malware or FP?  (Read 1851 times)


Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33988
  • malware fighter
unknown html malware or FP?
« on: September 04, 2013, 09:01:55 PM »
See: https://www.virustotal.com/en/url/666654b5d211ca3d99430006c73254dea531235995751123cf4090d63a443db2/analysis/
and https://www.virustotal.com/en/url/666654b5d211ca3d99430006c73254dea531235995751123cf4090d63a443db2/analysis/1378320754/
See: https://www.virustotal.com/en/ip-address/206.188.192.140/information/
Warning for WordPress theme: http://laurenmanning.com/wordpress/wp-content/themes/Avada/
WordPress internal path: /data/4/0/160/85/323900/user/329820/htdocs/wordpress/wp-content/themes/Avada/index.php
There is a huge vulnerability in LayerSlider 3.5 that allows anyone to remove it without access to admin; users have to upgrade to version 3.6
Vulnerable to iFramehack
Existing malware apparently has been closed: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=206.188.192.140
Given as malicious here: http://zulu.zscaler.com/submission/show/124b5e308abff11b3545b3842617b48a-1378321709
laurenmanning.com/wordpress/wp-content/themes/Avada/js/jquery.waypoint.js?ver=3.5.2 benign
[nothing detected] (script) laurenmanning.com/wordpress/wp-content/themes/Avada/js/jquery.waypoint.js?ver=3.5.2
     status: (referer=laurenmanning.com/)saved 8044 bytes c0c0d473a9bc5a9739f8f44158027d34e31bd642
     info: [decodingLevel=0] found JavaScript
     error: undefined function n
     suspicious:

polonus
« Last Edit: September 04, 2013, 09:14:12 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

Re: unknown html malware or FP?
« Reply #1 on: September 04, 2013, 09:41:08 PM »
Another one flagged by VirusWatch and suspicious code here:
japtou.com/catalog/view/javascript/jquery/thickbox/thickbox-compressed.js benign
[nothing detected] (script) japtou.com/catalog/view/javascript/jquery/thickbox/thickbox-compressed.js
     status: (referer=japtou.com/)saved 5542 bytes 1918cbf68f5221864f8d67c912965b1475c100af
     info: [decodingLevel=0] found JavaScript
     suspicious: (vulnerability ->  http://forum.opencart.com/viewtopic.php?f=31&t=20365&p=100445
The description is only available via Google cache (removed): https://github.com/wpscanteam/wpscan/blob/master/doc_yard/WpItem/Vulnerable.html%2BWpItem/Vulnerable.html&oe=utf-8&hl=en&ct=clnk
Nothing flagged here: http://zulu.zscaler.com/submission/show/a4b45918e23cb36ae382bf3c46d458e1-1378323017

polonus