Author Topic: Malicious file on defaced website.... (Read 1593 times)

polonus · « **on:** September 19, 2015, 05:26:00 PM »

See: https://www.virustotal.com/nl/url/1f2c3f9a028a25fce2018c72b7b6f7643e4cd77aef790d3b9b7998442a36cd29/analysis/1442675947/
Detected: http://killmalware.com/evalopezherrero.com/
flagged: NANO-AntivirusTrojan.Script.StartPage.fakt
index.html
Severity:   Malicious
Reason:   Detected malicious PHP content
Details:   Website Potentially Defaced
Offset:   135
Threat dump:   View code Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<title>Hacked By Mr.inverse</title>
Threat dump MD5:   7D3BCD0D494DC20A2856352647499149
File size[byte]:   2352
File type:   HTML
Page/File MD5:   F884C538B826A079B1F317ADF8C4FF7D
Scan duration[sec]:   0.006000

Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fevalopezherrero.com%2F
Vulnerabilities: https://lolware.net/2015/04/28/nginx-fuzzing.html

polonus

Sirmer · « **Reply #1 on:** September 19, 2015, 10:16:06 PM »

Thanks,

file added in our DB and detection will be released soon

polonus · « **Reply #2 on:** September 20, 2015, 12:45:05 AM »

Good that has been added.
This is now being blocked: -http://www.birjandcity.com/User_Files/index.html000
Similar defacement malcode there. We are being protected by Avast.

polonus

Author Topic: Malicious file on defaced website.... (Read 1593 times)

polonus

Malicious file on defaced website....

Sirmer

Re: Malicious file on defaced website....

polonus

Re: Malicious file on defaced website....