Topic: Why this site isn't blocked anymore? Well, malware has been closed!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33870
  • malware fighter
Known JavaScript malware: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v17
Flagged here: https://www.virustotal.com/nl/url/a6b583d4df6730e0a81180a78bbbe2d21765450abff4757151e8205bc80c1df9/analysis/1391295725/
Given as benign here: http://zulu.zscaler.com/submission/show/0659c4401937cc00f8198f8a0305203a-1391295900
Malware has been closed: http://support.clean-mx.de/clean-mx/viruses.php?review=77.91.206.20&sort=email+asc,review+desc

It is frustrating that several website scanners will still flag a site as having malcode when it has already been closed, after 1.3 hours, at 2014-02-01 00:07:20. So this has to be evaluated every time through live scanning or at the proper resources!

The unknown_html_RFI_shell malcode that has now been closed was initiated through a Superuser tracerouting attempt via debug info.
We have seen quite an amount of these automated probes and attack attempts lately.

See WhatWeb data: htxp://www.sasenergia.pt/ [200] HTTPServer[Apache],
 Adobe-Flash, Google-Analytics [UA-38251232-1],
 Apache, IP[77.91.206.20],
 JQuery, Title[SAS Energia],
 Country[PORTUGAL][PT]

Blacklisted URLs on AS: 1105 -> http://sitevet.com/db/asn/AS8426
Site security still questionable, see: http://jsunpack.jeek.org/?report=d88a27915818a56160a6adf852642c84cfbc4c95
Technology report on site: http://builtwith.com/sasenergia.pt
Source code: http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://www.sasenergia.pt/&uag=MSIE+8.0+Trident&ref=http://www.google.com&aen=&req=GET&ver=1.1&fmt=AUTO

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!