Author Topic: Malicious redirect on site?  (Read 2365 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Malicious redirect on site?
« on: December 08, 2013, 05:36:54 PM »
See: http://maldb.com/austinbarker.net/
Spam check: Suspicion of Spam
htxp://www.hotud.org/" title="payday loans">payday loans</a></p><!-- ba5670cccb --> <div id="rt-drawer"> <div cla...
Malware check: Infected
tate(); </script> <p class="nemonn">by zaepayd <a href="htxp://www.hotud.org/" title="payday loans">payday loans</a></...
Nothing here: http://urlquery.net/report.php?id=8246348
nor here: http://zulu.zscaler.com/submission/show/bb41c2656f1a5b62a32ed8809e9ad765-1386520292
2 flags here: https://www.virustotal.com/nl/url/2e717297ce01a10782cb0a26054aed46d22c5c33dcdb7f2aa9b62d804b06ea05/analysis/

Live malware detected by avast! as HTML:Iframe-QT [Trj] on another domain on the same IP: http://support.clean-mx.de/clean-mx/viruses?id=13866467

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Malicious redirect on site?
« Reply #1 on: December 08, 2013, 05:48:47 PM »
Quttera also detects 2 suspicious files here: (Compacted using Packer in PHP)
/modules/mod_rokajaxsearch/js/rokajaxsearch.js
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['this var=if new({Element:"options.inject",class:{\'function\':div,\'arrow\':selectedEl,\'left\':goog']] of length 9910 which may point to obfuscation or shellcode.
Threat dump:   http://jsunpack.jeek.org/?report=169734b13eb9cb40de81f03274d27e8b00696637
File size[byte]:    15933
File type:    ASCII
MD5:    02DA0CC0BBA4D40702EA5FA7FD5AC036
Scan duration[sec]:    0.497000
/plugins/system/rokbox/rokbox.js
Severity:    Potentially Suspicious
Reason:    Detected potentially suspicious content.
Details:   Detected potentially suspicious initialization of function pointer to JavaScript method write __tmpvar1083890297 = write;
Threat dump:   http://jsunpack.jeek.org/?report=cff0a2a31ace7b2f3bc35fa33b8fb13eab25ead1 
File size[byte]:    22076
File type:    ASCII
MD5:    764636E4B741E13F6D3BCED66420A102
Scan duration[sec]:    0.162000

avast! Web Shield blocks this code as JS:Agent-HA[Trj] here -> htxp://stackoverflow.com/questions/2731345/what-exactly-does-this-piece-of-javascript-do

pol

Offline polonus

Re: Malicious redirect on site? [SOLVED]
« Reply #2 on: December 08, 2013, 06:10:15 PM »
Awfully glad I can inform all of us here we have protection from the site's malcode
again through the marvelous avast! Webshield that blocks this as it detects:
JS:HideLink-A[Trj]

Chapeau to all developers of avast! Webshield. avast team's Vlk and Milos well done!

Damian