Author Topic: Malicious file on defaced website....  (Read 1147 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33293
  • malware fighter
Malicious file on defaced website....
« on: September 19, 2015, 05:26:00 PM »
See: https://www.virustotal.com/nl/url/1f2c3f9a028a25fce2018c72b7b6f7643e4cd77aef790d3b9b7998442a36cd29/analysis/1442675947/
Detected: http://killmalware.com/evalopezherrero.com/
flagged: NANO-Antivirus: Trojan.Script.StartPage.fakt
index.html
Severity:   Malicious
Reason:   Detected malicious PHP content
Details:   Website Potentially Defaced
Offset:   135
Threat dump:   Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<title>Hacked By Mr.inverse</title>
Threat dump MD5:   7D3BCD0D494DC20A2856352647499149
File size[byte]:   2352
File type:   HTML
Page/File MD5:   F884C538B826A079B1F317ADF8C4FF7D
Scan duration[sec]:   0.006000

Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fevalopezherrero.com%2F
Vulnerabilities: https://lolware.net/2015/04/28/nginx-fuzzing.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: Malicious file on defaced website....
« Reply #1 on: September 19, 2015, 10:16:06 PM »
Thanks,

file added in our DB and detection will be released soon

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33293
  • malware fighter
Re: Malicious file on defaced website....
« Reply #2 on: September 20, 2015, 12:45:05 AM »
Good that it has been added.
This is now being blocked: -http://www.birjandcity.com/User_Files/index.html000
Similar defacement malcode there. We are being protected by Avast.

polonus