Topic: HTML/Drop.Agent.AB on website detected?  (Read 2693 times)

Offline polonus

HTML/Drop.Agent.AB on website detected?
« on: May 25, 2015, 02:31:02 PM »
See: https://www.virustotal.com/nl/url/83ef0c886b6756458200c558ccf1c8f8186e55b5e33f2b52e29f8216f34e9b5c/analysis/
Unable to scan properly? https://sitecheck.sucuri.net/results/asso-evenement.com#sitecheck-details
eMetrics tracking via: htxps://count.carrierzone.com/app/count_server/count.js
uMatrix has prevented the following page from loading:
htxps://count.carrierzone.com/app/count_server/count.js GoBack!
Code added as a result of a hack. Carrierzone is some sort of spam-protecting service for web and mail servers,
with a bad web rep (spam): https://www.mywot.com/en/scorecard/carrierzone.com?utm_source=addon&utm_content=popup

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

Re: HTML/Drop.Agent.AB on website detected?
« Reply #3 on: May 25, 2015, 03:01:04 PM »
Yep, thanks Pondus. :)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

Re: HTML/Drop.Agent.AB on website detected?
« Reply #4 on: May 25, 2015, 03:10:21 PM »
Could well be everybody detects it and that is a good thing, but probably admins installed carrierzone as a protection and got the ill results that way.
There are more that have this malware at the mo at -obh.net.
Up(nil):   HTML/Drop.Agent.AB   RIPE   GB   abuse at -ovh.net   178.32.52.67    to 178.32.52.67   -asso-evenement.com   htxp://asso-evenement.com (the one we already presented above)
and:
Up(nil):   HTML/Drop.Agent.AB   RIPE   GB   abuse at -ovh.net   178.32.52.67    to 178.32.52.67   -banlieu-en-action.org   htxp://banlieu-en-action.org
Up(nil):   HTML/Drop.Agent.AB   RIPE   GB   abuse at -ovh.net   178.32.52.67    to 178.32.52.67   -beurette-coquine.net   htxp://beurette-coquine.net
Up(nil):   HTML/Drop.Agent.AB   RIPE   GB   abuse at -ovh.net   178.32.52.67    to 178.32.52.67   -boutiques-ephemeres.com   htxp://boutiques-ephemeres.com
Up(nil):   HTML/Drop.Agent.AB   RIPE   GB   abuse at -ovh.net   178.32.52.67    to 178.32.52.67   -ddream-media.fr   htxp://ddream-media.fr  (source VirusWatch MX).

pol

Offline Pondus

Re: HTML/Drop.Agent.AB on website detected?
« Reply #7 on: May 25, 2015, 03:26:34 PM »
Is this similar malware - Bck/Prorat.HT?
Also detected by almost all: https://www.virustotal.com/nl/url/06ed6bc716bbb5c180a0d3fbea9d094a58892db193b39d31416fa7821b22e7b6/analysis/1432559087/
https://www.virustotal.com/nl/file/4530cbf050b3d3bbc500bee17c48056bcaacbb86d476c80ec8bbb4c0aa6238b9/analysis/1389661599/
Realtime situation there: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=193.106.172.%
most of it LONG OVERDUE! malcode.

pol
No ... that is a .exe file, the others are html script

Old also: first submission 2012-12-24 20:17:49 UTC (2 years, 5 months ago)

« Last Edit: May 25, 2015, 03:29:41 PM by Pondus »