Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Riskware.Script.BetterSurf.ctbzhb detected on website?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Riskware.Script.BetterSurf.ctbzhb detected on website? (Read 2011 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Riskware.Script.BetterSurf.ctbzhb detected on website?
«
on:
March 30, 2015, 12:36:47 AM »
Defacement signatures
goddogproducciones dot com is defaced! See more details below.
The following signature was found:
!-- Hacked by No Name Cyber Team --
This signature was found in 17 websites.
Re:
http://killmalware.com/goddogproducciones.com/
See: ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwanomalysp7?v53 htxp://goddogproducciones.com
Website Malware malware-entry-mwanomalysp7?v53 htxp://goddogproducciones.com/404javascript.js
Known javascript malware. Details:
http://labs.sucuri.net/db/malware/malware-entry-mwanomalysp7?v53
Missed:
https://www.virustotal.com/en/url/72c3aa46d89162e15badda860ec7ab71a09db323e8ed5b008e00156bf955d622/analysis/1427668093/
See: attached for the suspicious file that Quttera detects.
Suricata IDS alerts for "ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding",
see here:
https://urlquery.net/report.php?id=1427668260150
polonus
«
Last Edit: March 30, 2015, 12:40:29 AM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Re: Riskware.Script.BetterSurf.ctbzhb detected on website?
«
Reply #1 on:
March 30, 2015, 09:03:29 AM »
Riskware.Script.BetterSurf.ctbzhb not being detected by Avast Web Shield, no warning either.
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Re: Riskware.Script.BetterSurf.ctbzhb detected on website?
«
Reply #2 on:
April 22, 2015, 10:50:18 PM »
Another example:
http://killmalware.com/rateapartner.com/
Not here:
http://www.bonasera.org/?tag=wwwrateapartnercom
http://rateapartner.com
links to the following External Domains:
==>apisurftasticnet-a.akamaihd.net
==>youtube.com
Detected Riskware.Script.BetterSurf.ctbzhb
List of scripts included
htxp://apisurftasticnet-a.akamaihd.net/gsrs?is=amp1lmeg&bp=PB&g=f47f4329-19a1-4111-a256-13a763f5939d
Defacement MW:DEFACED:01 htxp://rateapartner.com
Defacement MW:DEFACED:01 htxp://rateapartner.com/404javascript.js
Web site defaced. Details:
http://sucuri.net/malware/entry/MW:DEFACED:01
<title>.:: Hacked By Taz ::.</title>
Missed by Quttera's:
http://quttera.com/detailed_report/rateapartner.com
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Re: Riskware.Script.BetterSurf.ctbzhb detected on website?
«
Reply #3 on:
April 25, 2015, 03:37:38 PM »
Another example:
http://killmalware.com/conexaoemprego.com.br/
See:
http://www.zone-h.org/mirror/id/23134230
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Re: Riskware.Script.BetterSurf.ctbzhb detected on website?
«
Reply #4 on:
July 03, 2015, 05:36:23 PM »
Still going strong: Riskware.Script.BetterSurf.ctbzhb
Detected here:
http://killmalware.com/tlc888.net/#
Read:
http://stackoverflow.com/questions/24752050/scripts-appears-automatically-in-web-pages
See:
http://tlc888.net/
and
http://www.scammed.by/indexfrom.php?email=Security.lTunes@insecurity.com
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Riskware.Script.BetterSurf.ctbzhb detected on website?