« previous next »
Pages: [1]   Go Down

Author Topic: Malicious iFrame injection detected?  (Read 1971 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33910
  • malware fighter
Malicious iFrame injection detected?
« on: November 28, 2013, 09:08:19 PM »
Detected malicious iframe injection: http://urlquery.net/report.php?id=8047611
See code: http://jsunpack.jeek.org/?report=ce854a18e44254b2f03d47bca08cc11933b0f004
On blacklisted site: http://sitecheck.sucuri.net/results/avcorp.ru/index.php/light/41-panels/66-sams42410
-> https://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Favcorp.ru%2Findex.php%2Flight%2F41-panels%2F66-sams42410&hl=en
JavaScript Check: Suspicious
d> <base href="htxp://avcorp.ru/index.php/light/41-panels/66-sams42410" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="...$Id: caption.js 5263 2006-10-02 01:25:24Z webImagery $
See: avcorp dot ru/templates/crystal/lib/js/mootools/mootools-release-1.11.js benign
[nothing detected] (script) avcorp dot ru/templates/crystal/lib/js/mootools/mootools-release-1.11.js
     status: (referer=avcorp dot ru/index.php/light/41-panels/66-sams42410)saved 64881 bytes fbe47996a84d4794adf4b26805a81c6189fa9bd5
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [script] avcorp.ru/templates/crystal/lib/js/mootools/
     info: [decodingLevel=0] found JavaScript
     suspicious:

404 error check: Suspicious

Suspicious 404 Page:
   .ru/css/reset.css" media="screen" /> <link rel="stylesheet" href="htxp://peterhost.ru/css/styles.css" media="scr

Joomla 1.5software exploitable: http://www.governmentsecurity.org/forum/topic/30939-how-to-exploit-joomla-15x/

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »