Author Topic: Again the avast! Webshield detecting JS:HideLink-A[Trj]  (Read 1418 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Again the avast! Webshield detecting JS:HideLink-A[Trj]
« on: October 01, 2014, 03:17:25 PM »
Trojans detected:
Object: htxp://amani-international.com/ | {gzip}
SHA1: 243905323e88d14b1a89aad1c9c5d1a8168a1d23
Name: TrojWare.JS.Agent.caa     avast! detects as JS:HideLink-A[Trj]

Site with the infamous GoDaddy subdomain error:
Code: [Select]
<!-- pageok -->
<!-- managed by puppet -->
<html>
<pre>pageok</pre>
</html>
See: https://www.virustotal.com/nl/url/37b1ccd40cd4a85d6657cf6eb4c62c4adf04d879d478f463326e2ff23047237b/analysis/
Missed: http://quttera.com/detailed_report/amani-international.com

SEO Spam: ISSUE DETECTED   DEFINITION   INFECTED URL
SEO Spam   MW:SPAM:SEO   htxp://amani-international.com
SEO Spam   MW:SPAM:SEO   htxp://amani-international.com/index.html
SEO Spam   MW:SPAM:SEO   htxp://amani-international.com/contact.html

HTTP Security Header Not So Happy Finds:
X-Frame-Options
   
Uh oh! X-Frame-Options does not appear to be found in the site's HTTP header, increasing the likelihood of successful clickjacking attacks.

Strict-Transport-Security
   
Uh oh! Strict-Transport-Security does not appear to be found in the site's HTTP header, so browsers will not try to access your pages over SSL first.

Nosniff
   
Uh oh! nosniff does not appear to be found in the site's HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.

X-XSS-Protection
   
Uh oh! We didn't detect any mention of X-XSS-Protection in headers anywhere, so there's likely room to improve if we want to be as secure as possible against cross site scripting.

Content Security Policy
   
Uh oh! We did not detect Content-Security-Policy , x-webkit-csp, or even x-webkit-csp-report-only in the site's HTTP header, making XSS attacks more likely to succeed.

UTF-8 Character Encoding
   
Uh oh! utf-8 doesn't appear to be declared in this site's HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site's pages. We hope so.

Server Information
   
Uh oh! Server: was found in this site's HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!

Cross Domain Meta Policy
   
Uh oh! Permitted-Cross-Domain-Policies does not appear to be found in the site's HTTP header, so it's possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pd

Side wide issue: Suspicious

l terms of our instant no fax payday loan instant <br> no fax payday loan own financial status whether they wish. apply

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!