Topic: Malicious content on this Finnish software download website?

REDACTED

  • Guest
Malicious content on this Finnish software download website?
« on: April 23, 2016, 02:15:22 AM »
I went to download the newest version of CCleaner from filehippo.com, but inadvertently clicked a sponsored link with "Download newest CCleaner" written in Finnish, and it redirected me to a website called "lataaohjelmisto.com", a seemingly Finnish website that offered CCleaner for download, but I went back to Filehippo and downloaded it there. I checked lataaohjelmisto.com later, and got one VT blacklist:

https://www.virustotal.com/en-gb/url/a4fca224a85b370062ba4ebd790a237af0518444b27a140005beb22920128c64/analysis/

Quttera scan shows malicious file detection:
http://quttera.com/detailed_report/lataaohjelmisto.com

Netcraft risk rating shows 1/10:
http://toolbar.netcraft.com/site_report?url=lataaohjelmisto.com

The Quttera report for the malicious file seems to be reported under the domain "/offers.html", but the said link doesn't appear to be included in the website anymore, at least according to Sucuri, though it appears on the list of killmalware.com Scanned pages:

http://killmalware.com/lataaohjelmisto.com/
« Last Edit: April 23, 2016, 02:21:23 AM by Pernaman »

Offline Pondus

Re: Malicious content on this Finnish software download website?
« Reply #1 on: April 23, 2016, 08:10:14 AM »
This is the URL Quttera lists:
https://virustotal.com/en/url/5e51aef1ead37f4e0187f7563ea29d5e7137f95c7db2fb3538e7cbef0a7e3a65/analysis/1461391686/

> Additional information tab
Quote
Dr.Web: known infection source
Websense ThreatSeeker: potentially unwanted software


Offline polonus

Re: Malicious content on this Finnish software download website?
« Reply #2 on: April 24, 2016, 12:55:14 AM »
Nothing malicious per se detected, there are some script errors however.
Quote
  error: undefined variable d.getElementsByTagName("head")[0]
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var d.getElementsByTagName("head")[0] = 1;
          error: line:1: ....^
Consider this:
jsunpack.called CreateElement script
//jsunpack.url element = //cdn.castplatform dot com/scripts/1/adnl.min.js
DOM XSS vulnerable code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcdn.castplatform.com%2Fscripts%2F1%2Fadnl.min.js+
and -http://d.castplatform.com/api/vv/1?callback=cb_1461451805931&ts=1461451805860&sessionId=GaBLw&siteId=610&aus=2103,1,0 content tracker code...

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fd.castplatform.com%2Fapi%2Fvv%2F1%3Fcallback%3Dcb_1461451805931%26ts%3D1461451805860%26sessionId%3DGaBLw%26siteId%3D610%26aus%3D2103%2C1%2C0

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
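
Added example, not written by any poster in this thread and not taken from jsunpack or the scanners linked above: an offline breakdown of the tracker URL quoted in Reply #2, showing which host receives the request, the JSONP callback name, and which parameters are timestamps or identifiers. The function names, the two-label "same site" comparison and the use of lataaohjelmisto.com as the page host are assumptions made for illustration; nothing is fetched.

```javascript
// Added example: offline triage of a tracker/JSONP beacon URL. Nothing is fetched.
const EPOCH_MS = /(\d{13})/; // 13 digits = millisecond Unix time in this era

// Naive "same site" check: compares the last two DNS labels only (assumption;
// a real tool would use the Public Suffix List).
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

function toIso(ms) {
  return new Date(Number(ms)).toISOString();
}

function triageBeacon(pageHost, rawUrl) {
  // Forum posts often defang links with a leading "-" or "hxxp"; undo that for parsing.
  const url = new URL(rawUrl.trim().replace(/^-/, '').replace(/^hxxp/i, 'http'));
  const report = {
    host: url.hostname,
    thirdParty: siteOf(url.hostname) !== siteOf(pageHost),
    jsonpCallback: null,
    timestamps: {},   // parameters that decode to a capture time
    identifiers: {},  // everything else sent to the tracker
  };
  for (const [key, value] of url.searchParams) {
    const m = EPOCH_MS.exec(value);
    if (/^(callback|jsonp|cb)$/i.test(key)) {
      // JSONP: the response is script that calls this function name.
      report.jsonpCallback = value;
      if (m) report.timestamps[key] = toIso(m[1]);
    } else if (m && m[1] === value) {
      report.timestamps[key] = toIso(value);
    } else {
      report.identifiers[key] = value;
    }
  }
  return report;
}

// Sample input: the beacon URL quoted in the post above; page host from the thread.
const SAMPLE = '-http://d.castplatform.com/api/vv/1?callback=cb_1461451805931' +
  '&ts=1461451805860&sessionId=GaBLw&siteId=610&aus=2103,1,0';
const result = triageBeacon('lataaohjelmisto.com', SAMPLE);
console.log(JSON.stringify(result, null, 2));
```

The `ts` value and the digits in the callback name decode to the same second, 71 ms apart, so both are generated client-side at request time; `sessionId`, `siteId` and `aus` are what the third-party host receives about the visit.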