Topic: Malware here detected? Yes, we're being protected by avast! Web Shield!
polonus (Avast Überevangelist), on: November 20, 2013, 11:00:03 PM
Blacklisted and likely compromised:
http://sitecheck.sucuri.net/results/laptopbattery.ru#tab2
Malware flagged here:
Object: htxp://laptopbattery.ru/templates/js/tabs.js -> <urlopen error timed out>
SHA1: d181c2349975685e53a9486316056c3e5e331655
Name: Exploit.JS.Expack.G
and
Object: htxp://laptopbattery.ru/cat.html?product=906
SHA1: 3cb16ad893d8c555321b8c503cd57ba507e14a1b
Name: Suspicious-WI.
Here avast! Web Shield detects and blocks: JS:Includer-AMZ[Trj]
More external scripts flagged as malicious:
http://zulu.zscaler.com/submission/show/45c97bfdb312a232c0763a413cf63176-1384984290
like htxp://9d.home.pl/pub/pOFBT2NP.php avast Web Shield detects and blocks URL:Mal here.
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus, Reply #1 on: November 20, 2013, 11:32:07 PM
htxp://9d.home.pl/pub/pOFBT2NP.php
sucuri
http://sitecheck.sucuri.net/results/9d.home.pl/pub/pofbt2np.php
polonus (Avast Überevangelist), Reply #2 on: November 20, 2013, 11:52:16 PM
Pondus,
You can establish from the excessive header information given out that that server IdeaWebServer/v0.80 is exploitable.
I described a similar scenario here:
http://forum.avast.com/index.php?topic=132057.msg974410#msg974410
About FrontPage/5.0.2.2635 vulnerability see:
http://www.bluehostforum.com/showthread.php?15205-mod-FrontPage-vulnerability
What is happening on this Polish IP?
http://filemare.com/browse/79.96.233.122
see:
http://pastebin.com/Zg58svEM
and
http://www.mywot.com/en/scorecard/9d.home.pl?utm_source=addon&utm_content=popup-donuts
polonus
P.S. I hope that patches from forward versions are installed to prevent available exploits abuse.
D
« Last Edit: November 21, 2013, 12:21:06 AM by polonus »
polonus (Avast Überevangelist), Reply #3 on: March 18, 2015, 10:32:52 PM
Update here: Unable to properly scan website. Nothing here:
https://www.virustotal.com/en/url/c2fad7d05160e378776c08ff4b050e96b6851d613ecfceb70fb43e07f23db1fb/analysis/
Blacklisted here:
http://www.google.com/safebrowsing/diagnostic?site=www.akashia.pl
Probably IdeaWebServer/v0.80 exploitable via mootools hack.
Also this external link flagged by WOT: htxp://politykacookies.pl/politykacookies.js ->
https://www.mywot.com/en/scorecard/politykacookies.pl?utm_source=addon&utm_content=popup
Flagged by third party sources for PHISHing.
For Poles:
http://serwiskomputerow.slupsk.pl/zawirusowany-skrypt-politykacookies-pl/
polonus
« Last Edit: March 18, 2015, 10:40:16 PM by polonus »