« previous next »
Pages: [1]   Go Down

Author Topic: Sucuri does not detect site as malicious? Avast flags VBS:Dropper-DF [Trj]  (Read 932 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Sucuri does not detect site as malicious? Avast flags VBS:Dropper-DF [Trj]
« on: May 13, 2015, 11:17:27 PM »
See: https://sitecheck.sucuri.net/results/www.norexpo.com
See:
Custom errors: fail and two warnings: https://asafaweb.com/Scan?Url=www.norexpo.com%2Flistnews%2F0423%2Findex45.html
Avast detects here: VBS:Dropper-DF [Trj]
Malicious files 2
/Reservation.aspx
Severity:   Malicious
Reason:   Detected reference to blacklisted domain
Details:   Detected reference to malicious blacklisted domain -js.tongji.linezing.com

/index.html
Severity:   Malicious
Reason:   Detected reference to blacklisted domain
Details:   Detected reference to malicious blacklisted domain -bththb.com

Blacklisted by Yandex: https://yandex.com/infected?l10n=en&url=www.norexpo.com&redircnt=1431551347.1

Sctript exploit in
http://zerocert.org/?code=4de0be23df89a09ae2d786e36c6e5bb4012f349c7f40af819991650dde6e948a

XSS DOM vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.norexpo.com+
var co=document.cookie; {Injection point} in: Results from scanning URL: http://www.norexpo.com /js/Floater.js
Number of sources found: 10
Number of sinks found: 10 -> http://whois.india.dj/source/www.norexpo.com/js/Floater.js

polonus (volunteer website security analyst and website error hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »