Author Topic: SE visitors redirect flagged by avast?  (Read 18068 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Re: SE visitors redirect flagged by avast?
« Reply #15 on: April 03, 2014, 01:58:15 PM »
See: http://maldb.com/alcazone.com/#  &  http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Falcazone.com
-> http://sucuri.net/malware/entry/MW:HTA:7  -> http://urlquery.net/report.php?id=1396525671490
virus tracker info: alcazone dot com,195.110.124.188,ns1.register dot it,Parked/expired,
appl.  Notepad di win98

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: SE visitors redirect flagged by avast?
« Reply #16 on: April 04, 2014, 06:15:11 PM »
Here we see the results of a hack of an Apache file named .htaccess
(read redleg's analysis here: https://www.badwarebusters.org/main/itemview/26675 )
on System Details:
Running on: Apache/2.2.26
System info: (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
as a SE visitors redirects
Visitors from search engines are redirected
to: htxp://flyghtairline.ru/access/index.php
11 sites infected with redirects to this URL
See: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fpantathailand.net%2F
For redirect see: http://labs.sucuri.net/?details=flyghtairline.ru

Blacklisting status: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=pantathailand.net
and  http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=flyghtairline.ru/

There is also an iFrame (hidden frameset) going to
Code:
<frame name="main" src="htxp://www.ethailandhost.com/panta/index.htm">
without additional malware: http://wepawet.iseclab.org/view.php?hash=5016999753c2685999697d65e36ea289&t=1355950873&type=js

pol
« Last Edit: April 04, 2014, 06:28:43 PM by polonus »
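A defender's check for the .htaccess tampering discussed in replies #16 and #17, added here as an example and not taken from any post in this thread or from the linked analyses. It assumes the redirect is implemented with mod_rewrite conditions on %{HTTP_REFERER}; the thread does not show the injected directives, so the sample file, the engine list, the host names and the function name are all constructed.

```python
import re
from urllib.parse import urlparse

# Search-engine names to look for in referer conditions (assumed list).
ENGINES = re.compile(r"google|bing|yahoo|yandex|baidu|aol|duckduckgo", re.I)
ABSOLUTE = re.compile(r"^https?://", re.I)


def find_referer_redirects(htaccess_text, own_hosts):
    """Return (line_no, target_host) for each RewriteRule that sends
    search-engine-referred visitors to a host outside own_hosts."""
    findings = []
    pending = []  # RewriteCond entries that apply to the next RewriteRule
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append((parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            target = parts[2]
            referer_gated = any(
                "http_referer" in var.lower() and ENGINES.search(pattern)
                for var, pattern in pending
            )
            host = (urlparse(target).hostname or "") if ABSOLUTE.match(target) else ""
            if referer_gated and host and host not in own_hosts:
                findings.append((line_no, host))
            pending = []  # conditions are consumed by the rule they precede
    return findings


# Constructed sample; redirect.invalid stands in for the external target.
SAMPLE = r"""
# legitimate canonical-host rule
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]

RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.*
RewriteRule ^(.*)$ http://redirect.invalid/index.php [R=301,L]
"""

if __name__ == "__main__":
    for line_no, host in find_referer_redirects(SAMPLE, {"example.org", "www.example.org"}):
        print(f"line {line_no}: search-engine visitors redirected to {host}")
```

Run it over every .htaccess in the document root and its subdirectories, passing the site's own host names in lower case; a hit warrants comparing the file against a known-good copy.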

Offline polonus

Re: SE visitors redirect flagged by avast?
« Reply #17 on: April 06, 2014, 02:01:27 AM »
Been with us quite some time, this attack and conditional redirect still making victims: http://maldb.com/doungjaihouse.com/
Read on this malware injection: http://www.mintrix.net/blog/2012/04/04/damn-you-hackers-go-to-hell/
and https://www.badwarebusters.org/main/itemview/28544 read Redleg's comments in the thread.
How it was being performed: http://ninjafirewall.com/malware/index.php?threat=2012-05-03.01
Missed here altogether: http://quttera.com/detailed_report/doungjaihouse.com
avast! Webshield blocks the site | {gzip} as infested with HTML:Script-inf
We are being protected. Redirect to URL found in 1747 sites.

polonus

Offline polonus

Re: SE visitors redirect flagged by avast?
« Reply #18 on: December 02, 2016, 11:32:41 PM »
Still with malware and still flagged by AOS: http://urlquery.net/report.php?id=1480717200395
Known Spam SEO, another example from the past: https://forum.avast.com/index.php?topic=147881.10

Website seems now a domain for sale. Illegal Pharmacy Spam / Dating Scam.

polonus