Author Topic: Betabot detected here? Win32:Malware-gen!  (Read 1367 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Betabot detected here? Win32:Malware-gen!
« on: April 12, 2015, 07:11:35 PM »
See: https://sitecheck.sucuri.net/results/shadyx.net
and https://www.virustotal.com/nl/url/d1be358be3163871d1ddbb04e8fab02c7f6cdb94dc8923de9b36c8f8169555d2/analysis/1428855384/
No detection: http://quttera.com/detailed_report/shadyx.net
Neither here: https://app.webinspector.com/public/reports/32525380
Included script issue: index_edgePreload.js
http://xss.cx/2011/05/07/dork/reflected-xss-javascript-injection-incorrect-content-type-ghdb-cwe79-05072011-01.html
See: https://www.virustotal.com/nl/ip-address/85.159.237.148/information/
PHP vuln.: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-178175/PHP-PHP-5.4.35.html

XSS DOM scan: Results from scanning URL: htxp://shadyx.net/index_edgePreload.js
Number of sources found: 4
Number of sinks found: 6
Attacking well-secured websites: innerHTML; var h=tags; if(t.indexOf(s)>0){ s =(parseInt(t)-1)+s; h.removeChild(h.firstChild)  ..script injection should be prevented  remove nasty tags / attributes
Interesting read about this attack: http://www.quora.com/How-can-I-clear-my-Wordpress-blog-of-malicious-scripts-and-the-subsequent-search-issues
This is a hijacking attempt via XSS.

polonus

« Last Edit: April 12, 2015, 10:50:30 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
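
What the "sources" and "sinks" counts in a DOM XSS scan refer to, shown as an added example that is not part of the original post and not the code of the scanner used there. The pattern lists, the `scanDomXss` function and the sample script are assumptions constructed for illustration.

```javascript
// Added example: count DOM XSS sources and sinks in a script, line by line.
// The pattern lists are a common subset, not the rule set of any named scanner.
const SOURCES = [
  /\blocation\.(?:hash|search|href|pathname)\b/,
  /\bdocument\.(?:URL|documentURI|referrer|cookie)\b/,
  /\bwindow\.name\b/,
];
const SINKS = [
  /\.(?:innerHTML|outerHTML)\s*\+?=(?!=)/, // assignment only, not a comparison
  /\.insertAdjacentHTML\s*\(/,
  /\bdocument\.write(?:ln)?\s*\(/,
  /\beval\s*\(/,
  /\bset(?:Timeout|Interval)\s*\(\s*["'`]/, // string argument gets evaluated
];

// Returns { sources: [...], sinks: [...] }, one entry per pattern hit per line.
function scanDomXss(code) {
  const findings = { sources: [], sinks: [] };
  code.split("\n").forEach((text, i) => {
    for (const [kind, patterns] of [["sources", SOURCES], ["sinks", SINKS]]) {
      for (const re of patterns) {
        const m = re.exec(text);
        if (m) findings[kind].push({ line: i + 1, match: m[0].trim() });
      }
    }
  });
  return findings;
}

// Constructed sample (not the contents of the file named in the post).
const SAMPLE = [
  'var q = location.hash.slice(1);',
  'var ref = document.referrer;',
  'box.innerHTML = "<b>" + q + "</b>";',
  'document.write("<p>" + ref + "</p>");',
  'label.textContent = q;              // safe: text, not markup',
  'if (el.innerHTML == "") { done(); } // a read/compare, not a sink',
].join("\n");

const report = scanDomXss(SAMPLE);
console.log(`sources: ${report.sources.length}, sinks: ${report.sinks.length}`);
console.table(report.sinks);
```

A count like this only flags places to review: a finding matters when attacker-controllable data from a source reaches a sink without encoding or sanitizing, which pattern matching alone cannot prove.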