Author Topic: Blacklisted and compromised site.  (Read 1051 times)

polonus
Blacklisted and compromised site.
« on: February 01, 2014, 11:05:58 PM »
Site is vulnerable and likely compromised because of outdated CMS:
Web application details:
Application: Joomla! 1.5 - Open Source Content Management - http://www.joomla.org

Web application version:
Joomla Version 1.5.18 - 1.5.26 for: htxp://itaaconference.com/media/system/js/caption.js
Joomla Version 1.5.18 to 1.5.26 for: htxp://itaaconference.com/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
See also: WhatWeb info -> htxp://ITAACONFERENCE.COM [200] MetaGenerator[Joomla! 1.5 - Open Source Content Management],
 HTTPServer[Apache],
 Google-Analytics [UA-12882115-5],
 Apache, IP[92.61.146.232],
 JQuery, OpenGraphProtocol[website][197338706997999],
 Joomla[1.5],
 Cookies[949baf207dd1f20e713cb9ef7a2902bb],
 Title[2012::ITAA Conference- Chennai],
 Country[GERMANY][DE]
other technologies used, see: http://builtwith.com/itaaconference.com
blacklisted here: http://builtwith.com/itaaconference.com
PHISH up at IP:
Up(nil):   92.61.146.232    to 92.61.146.232   bin-fr dot com   htxp://bin-fr.com/PayPal.Fr/www.PayPal.fr/fr/cgi-bin/webscr/cmd=_login-run&dispatch=5885d80a13c0db1f1ff80d546411d7f823b5265b6559fc2aae010bfb00cf3c64/

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Re: Blacklisted and compromised site.
« Reply #1 on: February 01, 2014, 11:15:05 PM »
Quttera also finds it malicious here:
/templates/yoububble/src/mouseover.js -> -> http://jsunpack.jeek.org/?report=43b40ed749df475a032bfcdd4479935fb94d1fd9
Severity:    Malicious
Reason:    Detected known malicious content.
Details:    Threat detected according to previously retrieved information
File size[byte]:    1531
File type:    INI
MD5:    B3B54853ECE01DC1B354BD36E6575786
Scan duration[sec]:    0.001000
Also flagged here: http://urlquery.net/report.php?id=339765

pol