Author Topic: Known infection source not flagged on AOS!  (Read 960 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33972
  • malware fighter
Known infection source not flagged on AOS!
« on: December 26, 2015, 08:22:49 PM »
See: https://www.virustotal.com/nl/url/23684799c3e5b0ea46ef78a6f5a091b932d80c2b3faff7179b83a25c5f64afeb/analysis/1451157075/
See:
Malfile: /index.php/freerideabruzzo/index.html
Severity:   Malicious
Reason:   Detected reference to blacklisted domain
Details:   Detected reference to malicious blacklisted domain wXw.gosnowkite.com
Missed completely here: https://sitecheck.sucuri.net/results/www.kitesurfspirit.com
And here missed as well: https://urlquery.net/report.php?id=1451157204587
Flagged: http://killmalware.com/www.kitesurfspirit.com/ -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.kitesurfspirit.com%2Fskin%2Ffrontend%2Fdefault%2Ftheme000%2Fjs%2Fsuperfish.js

-http://www.kitesurfspirit.com
Detected libraries:
jquery - 1.7 : -http://www.kitesurfspirit.com/skin/frontend/default/theme000/js/jquery-1.7.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery.prettyPhoto - 3.1.2 : -http://www.kitesurfspirit.com/skin/frontend/default/theme000/js/jquery.prettyPhoto.js
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
prototypejs - 1.7 : -http://www.kitesurfspirit.com/js/prototype/prototype.js
2 vulnerable libraries detected

We land at the infested URL via: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.kitesurfspirit.com%2Findex.php%2Fcustomer%2Faccount%2Flogin%2F

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.kitesurfspirit.com%2Findex.php%2Fsnowkite%2Fsnowkite-usati-campo-imperatore-abruzzo-italy.html

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!