Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Malicious defacement missed?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Malicious defacement missed? (Read 1446 times)
0 Members and 2 Guests are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34053
malware fighter
Malicious defacement missed?
«
on:
July 30, 2015, 10:32:29 PM »
See:
https://www.virustotal.com/nl/url/26bc0125354f3291afce04f8e45f5ab9a6b383712152dbb458383243bda71b4a/analysis/
See:
http://quttera.com/detailed_report/crosswiresolutions.com
Detected here:
https://sitecheck.sucuri.net/results/crosswiresolutions.com
Web site defaced. Details:
http://sucuri.net/malware/entry/MW:DEFACED:01
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Hacked By Darkshadow</title> <script type="text/javascript"
http://killmalware.com/crosswiresolutions.com/
detected suspicious code as
Antivirus reports:
TrendMicro-HouseCallTROJ_GEN.F47V0724
KasperskyUDS:DangerousObject.Multi.Generic
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 34053
malware fighter
Re: Malicious defacement missed?
«
Reply #1 on:
July 30, 2015, 10:42:11 PM »
This posting is an update from this earlier my posting:
https://forum.avast.com/index.php?topic=171241.0
3 months means the issue is long OVERDUE!
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus
Probably Bot
Posts: 37698
Re: Malicious defacement missed?
«
Reply #2 on:
July 30, 2015, 10:55:46 PM »
html scan
https://www.virustotal.com/en/file/73c7ab93fded9e42b54ddf8a7983ea9e55b316779c5a7eb002cbf7b98c4f989d/analysis/1438289485/
code sample scanned 2013-11-06 14:14:28 UTC (
1 year, 8 months ago
)
https://www.virustotal.com/en/file/2cce81b5d7a41ab55f4d62d56dca72e6880b58b484531113e3fa671fb18b4c19/analysis/
seem this link will not show the old result after a new fresh scan, but this was the result
TrendMicro-HouseCallTROJ_GEN.F47V0724
KasperskyUDS:DangerousObject.Multi.Generic
code sample fresh scan
https://www.virustotal.com/en/file/2cce81b5d7a41ab55f4d62d56dca72e6880b58b484531113e3fa671fb18b4c19/analysis/1438289630/
«
Last Edit: July 30, 2015, 10:58:31 PM by Pondus
»
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 34053
malware fighter
Re: Malicious defacement missed?
«
Reply #3 on:
August 21, 2015, 11:35:53 PM »
Update site still hacked and defaced:
http://killmalware.com/crosswiresolutions.com/#
& confirmed here:
http://toolbar.netcraft.com/site_report?url=http://crosswiresolutions.com
Sucuri has it: ISSUE DETECTED DEFINITION INFECTED URL
Defacement MW:DEFACED:01 -http://crosswiresolutions.com
Defacement MW:DEFACED:01 -http://crosswiresolutions.com/404javascript.js
Web site defaced. Details:
http://sucuri.net/malware/entry/MW:DEFACED:01
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Hacked By Darkshadow</title> <script type="text/javascript">
Various insecure or bad web rep uri's:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fajax.cloudflare.com%2Fcdn-cgi%2Fnexp%2Fdok2v%3D919620257c%2Fcloudflare.min.js
and see my posting:
https://forum.avast.com/index.php?topic=175440.0
Low Level Site Exploration:
http://1col.ru/www.crosswiresolutions.com
Conversant "abuse"- via <a href="-http://www.fastclick.com">here</a>
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Malicious defacement missed?