Author Topic: FP on GDA? (Read 5408 times)

500dan500 · « **on:** April 12, 2009, 09:40:42 PM »

I was on Green Day Authority and avast! popped up on the following link;

hXXp://www.greendayauthority.com/download/mvideo.htm

Is it a FP?

12/04/2009 20:37:47 1239565067 SYSTEM 1512 Sign of "HTML:IFrame-BV [trj]" has been found in "hXXp://www.greendayauthority.com/download/mvideo.htm" file.

Lisandro · « **Reply #1 on:** April 12, 2009, 09:45:20 PM »

Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?

500dan500 · « **Reply #2 on:** April 12, 2009, 10:02:28 PM »

Don't think so, main page is fine; http://www.greendayauthority.com/

DavidR · « **Reply #3 on:** April 12, 2009, 10:28:34 PM »

Just because the main page is fine doesn't mean they all are and in this case that page has been hacked.

There is an iframe tag after the closing html tag a standards no, no and the url that it connects to is obfuscated, highly suspicious.

See image, I have broken the code down to make it easier to see as it is all on a single line.

500dan500 · « **Reply #4 on:** April 12, 2009, 10:38:45 PM »

Ah ok, I thought Tech meant they had been hacked recently so would have thought there would have been a note on the front page. Thank you.

DavidR · « **Reply #5 on:** April 13, 2009, 12:50:11 AM »

You're welcome, if you know them or regularly visit, you might want to drop them an email.

500dan500 · « **Reply #6 on:** April 13, 2009, 12:54:21 AM »

Yeah just did to the owner founder.

DavidR · « **Reply #7 on:** April 13, 2009, 01:01:12 AM »

Hopefully it won;t take them long to resolve it, but they should check any content management software (like php) if they use any is up to date as old versions may be vulnerable to attack. They might also want to change their passwords for modification/uploads, etc.

500dan500 · « **Reply #8 on:** April 15, 2009, 02:13:36 AM »

Just wanted to post something else in here.. The iFrame is still there, but I reinstalled Windows 7 lastnight on another partition and decided to try "ESET Smart Security - Home Edition" as I see so many people have it in their email sigs, tried the eicar test file, it picked it up, went to the page I reported in this thread, ESET did not pick it up. $:-\$

Thank god for avast!

DavidR · « **Reply #9 on:** April 15, 2009, 02:59:43 AM »

Well it may not have even been looking for this type of infection, but avast's web shield is all over it with a rash and I still haven't found one incorrect detection in those that I have checked out in the forums.

Author Topic: FP on GDA? (Read 5408 times)

500dan500

FP on GDA?

Lisandro

Re: FP on GDA?

500dan500

Re: FP on GDA?

DavidR

Re: FP on GDA?

500dan500

Re: FP on GDA?

DavidR

Re: FP on GDA?

500dan500

Re: FP on GDA?

DavidR

Re: FP on GDA?

500dan500

Re: FP on GDA?

DavidR

Re: FP on GDA?