Author Topic: Again the avast! Webshield - never go without it, guys and gals!  (Read 1373 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Again the avast! Webshield - never go without it, guys and gals!
« on: September 20, 2014, 08:52:20 PM »
detected here: -http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2F1lira.blogspot.fr%2F2008_05_01_archive.html+&useragentheader=&acceptheader=
as JS:Autolike-E[Trj] equals Trojans detected:
Object: htxp://1lira.blogspot.fr/2008_05_01_archive.html
SHA1: 60baa42d5272e0bd141bee3848bb2047b94b982c
Name: TrojWare.JS.Faceliker.B

pol
« Last Edit: September 20, 2014, 11:36:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Again the avast! Webshield - never go without it, guys and gals!
« Reply #1 on: September 23, 2014, 03:30:53 PM »
Missed by many scanners, but avast! Webshield detects as JS:Clickjack-B[Trj]
Trojans detected:
Object: htxp://catasti.it/
SHA1: 76296b6af82b7ee5edd7c9bc2b5bc39cbc23c8be
Name: TrojWare.JS.Agent.caa

Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();

ISSUE DETECTED   DEFINITION   INFECTED URL
SEO Spam   MW:SPAM:SEO   htxp://catasti.it
SEO Spam   MW:SPAM:SEO   htxp://catasti.it/index.php/contattaci

Shalla Secure Services does not have it. Missed at: http://killmalware.com/catasti.it/

These 3 have: https://www.virustotal.com/nl/url/8886175355d88c6a84ce922ba6567ce2dbc1080f5499e203f0bec4e38b0b6719/analysis/1411478597/

Javascript check: Suspicious

nguage="javascript"> function dnnviewstate() { var a=0,m,v,t,z,x=new array('9091968376','8887918192818786347374918784939277359287883421333333338896','778787','94999

Web application details:
Application: Joomla! - Open Source Content Management - http://www.joomla.org
Running Plesk 10.3: catasti.it:8443

Web application version:
Joomla Version 2.5.7 for: htxp://catasti.it/media/media/js/mediamanager.js
Joomla Version 2.5.8 for: htxp://catasti.it/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Plesk version 10.3 outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.20 or 3.3
Outdated Plesk Found: Plesk 10.3

pol

Offline polonus

Re: Again the avast! Webshield - never go without it, guys and gals!
« Reply #2 on: September 23, 2014, 03:38:03 PM »
There is another one on that site that avast! Webshield detects as JS:HideMe-I[Trj].
See attached image. (set out in blue, folks!)

pol

P.S. This is a cloaking Black Hat SEO technique - WordPress hack. Read: http://stackoverflow.com/questions/15237789/how-to-reverse-engineer-a-hidden-js-script (link may be detected as the above Trojan by the Webshield). Else read here: script in header: http://forum.bytesforall.com/showthread.php?t=19168

« Last Edit: September 23, 2014, 03:43:58 PM by polonus »