Author Topic: GetHookIf malware on sedo-parked website...  (Read 513 times)

polonus
GetHookIf malware on sedo-parked website...
« on: January 16, 2019, 05:37:58 PM »
In jQuery
Quote
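define ->

    addGetHookIf = (conditionFn, hookFn) ->
        # Define the hook; whether it is really needed is checked on the first call.
        return {
            get: ->
                if conditionFn()
                    # Hook not needed: remove it.
                    delete @get
                    return
                # Hook needed: redefine it so the condition is not evaluated again.
                (@get = hookFn).apply this, arguments
        }

    addGetHookIf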
Source: jQuery-Coffee on GitHub, all handwritten, credits: -https://github.com/sharikul/jQuery-Coffee/graphs/contributors

No alerts, re: https://urlquery.net/report/c6da9174-5d31-4a84-b235-918b0568e950
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3cxLmZ8c3R9e3BdfXQubnt0YA%3D%3D~enc
and: https://any.run/report/ceeb4d01643b20b1e26638abe14266bb1a412686aebfda44864bbdab88022d96/581bca46-74cc-4128-b860-c2f6d58fe302
Re: https://urlscan.io/result/4bfd9be8-214d-4ba7-b0d0-482e62ec6f3b
2 vulnerable jQuery libraries: https://retire.insecurity.today/#!/scan/693080d3f57b88f52405c2cd9c43507ac4031b57143f5d0791082ebe3deb8b6e

Results from scanning URL: -http://ww1.fastreport.net
Number of sources found: 214 ; number of sinks found: 28

Results from scanning URL: -http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js
Number of sources found: 27 ; number of sinks found: 17

uBlock₀ has prevented the next page from loading:

-http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js

because of the following filter

||img.sedoparking.com^

Found inside: -https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-social/hosts  • http://sysctl.org/cameleon/hosts

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: January 16, 2019, 05:46:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!