Topic: Customised XXS-malware on website - Emsisoft detects Trojan.Generic.8598541 (B)


polonus
See: http://killmalware.com/guttersolutionsnw.com/#
Malware Script Detector blocks here:  htxp://guttersolutionsnw.com/wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.js
Much wrong on this website: WordPress Version 3.8.8
Version does not appear to be latest 4.2.2 - update now.
The following plugins were detected by reading the HTML source of the WordPress site's front page.

fancier-author-box 1.3.2   latest release (1.4) Update required
-https://wordpress.org/plugins/fancier-author-box/
sliding-contact-form-by-formget 2.5   latest release (2.5)
-http://www.formget.com
cherry-plugin   
seo-facebook-comments 1.5.2   latest release (1.5.2)
-http://www.plulz.com
font-awesome 3.2.1   latest release (3.2.1)
-http://www.rachelbaker.me
social-media-widget 4.0.2   latest release (4.0.3) Update required
-http://wordpress.org/extend/plugins/social-media-widget/
wordpress-seo 1.7.1   latest release (2.2.1) Update required
-https://yoast.com/wordpress/plugins/seo/
contact-form-7 3.9.3   latest release (4.2.1) Update required
-http://contactform7.com/
The theme has been found by examining the path /wp-content/themes/ *theme name* /

theme48338 3.1
-http://info.template-help.com/help/

Issues with cherryframework: https://www.mywot.com/en/scorecard/cherryframework.com?utm_source=addon&utm_content=popup

52 instances found of detected reference to malicious blacklisted domain form.jotform.us
Known for PHISHing abuse: http://www.jotform.com/answers/505516-Need-to-report-a-phishing-form-http-form-jotform-us-form-50275355395157
Secret Service and GoDaddy assault on JotForm: http://arstechnica.com/tech-policy/2012/02/secret-service-asks-for-shutdown-of-legit-website-over-user-content-godaddy-complies/

Results from scanning URL: htxp://www.statcounter.com/counter/counter.js  malicious
Number of sources found: 27
Number of sinks found: 14

Exploitable sizzle.js in Results from scanning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
Number of sources found: 42
Number of sinks found: 12
Read: http://blog.9bplus.com/if-i-were-an-attacker-third-party-js-librarie/


polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
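The scan output in the post above says plugins and the theme were identified from the front page's HTML and the /wp-content/ paths in it. The following is an added example, not part of the original post and not the scanner's code, showing how a site owner can build the same inventory from their own page source. The sample HTML, the `example.test` host and all function names are constructed for illustration; the "latest" versions are the ones quoted in the post.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample of a WordPress front page; not fetched from any real site.
SAMPLE_HTML = """
<link rel='stylesheet' href='http://example.test/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.9.3' />
<script src='http://example.test/wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.js'></script>
<script src="http://example.test/wp-content/plugins/wordpress-seo/js/wp-seo.js?ver=1.7.1"></script>
<link rel="stylesheet" href="http://example.test/wp-content/themes/theme48338/style.css?ver=3.1" />
<meta name="generator" content="WordPress 3.8.8" />
"""

# Latest releases as quoted in the post; a real audit keeps its own current list.
LATEST = {"contact-form-7": "4.2.1", "wordpress-seo": "2.2.1"}

ASSET_RE = re.compile(
    r"""(?:href|src)=["']([^"']*/wp-content/(plugins|themes)/([^/"']+)/[^"']*)["']""")
GENERATOR_RE = re.compile(
    r"""<meta[^>]+name=["']generator["'][^>]+content=["']WordPress ([\d.]+)["']""", re.I)

def version_key(v):
    """Turn '3.9.3' into (3, 9, 3) so versions compare numerically."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def inventory(html):
    """Return {'core': ver|None, 'plugins': {slug: ver|None}, 'themes': {...}}."""
    found = {"core": None, "plugins": {}, "themes": {}}
    m = GENERATOR_RE.search(html)
    if m:
        found["core"] = m.group(1)
    for url, kind, slug in ASSET_RE.findall(html):
        # Assumption: ?ver= is the component's own version. WordPress may put
        # the core version there instead, so treat it as a hint, not proof.
        ver = parse_qs(urlparse(url).query).get("ver", [None])[0]
        # Keep a version once seen; an asset without ?ver= must not erase it.
        found[kind][slug] = found[kind].get(slug) or ver
    return found

def outdated(found, latest):
    """Plugin slugs whose exposed version is older than the known latest."""
    return sorted(s for s, v in found["plugins"].items()
                  if v and s in latest and version_key(v) < version_key(latest[s]))

if __name__ == "__main__":
    inv = inventory(SAMPLE_HTML)
    print(inv)
    print("update required:", outdated(inv, LATEST))
```

A plugin that shows up with no version, like cherry-plugin in the sample, still needs checking by hand in the WordPress admin.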

polonus
Why did this link have to be broken on that website, like this?
hxxp://dashboard.socialtools.fm/socialfm.js?code=c58beff44260b8dc83730e026b9daae0e6493553

See: https://dashboard.socialtools.fm/users/sign_in

pol

mchain
TBH, site appears to load normally atm.

You may be seeing broken code because, to be quite honest, few here run at your level of expertise.  Glad you are here. 
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801