Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks! (Read 1526 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks!
«
on:
August 31, 2015, 11:35:05 AM »
:)See:
https://urlquery.net/report.php?id=1441005093642
Fortinet flags as malware. 3 detect:
https://www.virustotal.com/nl/url/7088b51da205c84e5c9dbcdef8ba928e1e43c8c9b841ae55481c8a7d5710f0d1/analysis/
Sucuri detects as SEO Spam:
https://sitecheck.sucuri.net/results/roachbrown.binachron.com
Known Spam detected. Details:
http://sucuri.net/malware/entry/MW:SPAM:SEO?sb
<div id='HiddenDiv'>////////</a><br/></div><style>.gjp2{position:absolute;clip:rect(408px,auto,auto,465px);}</style> </div><script type='text/javascript'>if(document.getElementById('HiddenDiv') != null){document.getElementById('HiddenDiv').style.visibility = 'hidden';document.getElementById('HiddenDiv').style.display = 'none';}</script>
*Known javascript malware. Details:
http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.2
WordPress Version
3.7.10
Version does not appear to be latest 4.3 - update now.
The following plugins were detected by reading the HTML source of the WordPress sites front page.
nextgen-gallery latest release (2.1.9)
http://www.nextgen-gallery.com
WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /
Roach Brown 1.1http://wordpress.org/
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
User ID 1 : oskar
User ID 2 : Nonesed?
Missed or clean?
->
http://quttera.com/detailed_report/roachbrown.binachron.com
->
http://www.domxssscanner.com/scan?url=http%3A%2F%2Froachbrown.binachron.com%2F
-> -http://killmalware.com/roachbrown.binachron.com/profile/kdmccarthy/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/monoslideshow.js
«
Last Edit: August 31, 2015, 12:34:28 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Monokai Slideshow manipulation - malware? SEO Spam infection
«
Reply #1 on:
August 31, 2015, 11:50:58 AM »
Avast detects JS.HideLink.A there, we are being protected, folks,
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Monokai Slideshow manipulation - malware? SEO Spam infection
«
Reply #2 on:
August 31, 2015, 12:28:00 PM »
More PHISHing going on from that IP:
https://urlquery.net/report.php?id=1440359402168
->
https://www.threatcrowd.org/ip.php?ip=97.74.141.1
http://www.scumware.org/report/97.74.141.1
http://www.nictasoft.com/ace/ip-search/?ip=97.74.141.1
(flagged by Avast as JS.HideLink.A as well
)
pol
«
Last Edit: August 31, 2015, 12:33:27 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks!