Author Topic: Owned by a website with loads of malware and Iframes...  (Read 10532 times)


Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Owned by a website with loads of malware and Iframes...
« on: May 16, 2009, 05:58:23 AM »
Ok, I went to this site: hXXp://link-protector.com/x-18700

Then I got owned by loads of hidden Iframes and stuff. Avast! only detected the picture virus, but other malware came through, then I encountered some new tabs, that had the same website. Repeatedly downloading viruses and Avast! didn't block them. I disabled internet connection, tried a boot-time scan, it only found my EICAR Test File and I was mad. Then I tried Malwarebytes' Antimalware but it wouldn't even start. So now I'm attempting to download Super AntiSpyware Pro and run a full scan just to be on the safe side, anyways, can you add this site to the network shield? It might be a hidden keylogger reading what I type this very moment...

Here is the Hijack This Log from when it was happening and here is the Avast! boot-time scan log.

Here is what it blocked:
15.05.2009  20:13:45  Network Shield: blocked access to malicious site segulnhen.com/image/pfgt.php [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1456 ) ]

I hope that I don't have an unknown hidden virus if the site is updated daily with brand new viruses...

~Donovansrb10~
« Last Edit: May 16, 2009, 06:00:33 AM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #1 on: May 16, 2009, 06:14:57 PM »
Here is what I found in the website's coding - part 1 - see pictures below.

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #2 on: May 16, 2009, 06:15:55 PM »
Here is what I found in the website's coding - part 2 - see pictures below.

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #3 on: May 16, 2009, 06:18:18 PM »
SuperAntiSpyware didn't detect anything so I think I'm secure. Only some browser hacking...
« Last Edit: May 16, 2009, 06:34:17 PM by Donovansrb10 »

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #4 on: May 17, 2009, 01:31:25 AM »
Anybody??

........................................

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Owned by a website with loads of malware and Iframes...
« Reply #5 on: May 17, 2009, 03:53:11 AM »
OK, I'll have a go.
Stop trying to download something for nothing, in a situation where you already know that this package normally requires payment. >:(
You should know better.
If something appears to good to be true, it probably is.
HJT log appears clean.
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #6 on: May 17, 2009, 04:05:51 AM »
Quote from Tarq57: "If something appears to good to be true, it probably is."

If something appears too good to be true, it probably is.

--------------------------------------------------------------------------

Quote from Tarq57: "HJT log appears clean."
:)

Offline Tarq57

Re: Owned by a website with loads of malware and Iframes...
« Reply #7 on: May 17, 2009, 04:09:30 AM »
And the best response you can manage is to correct a typo.
OK, you win.

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #8 on: May 17, 2009, 04:24:29 AM »
Quote from Tarq57: "And the best response you can manage is to correct a typo."

I don't know... How should I know?

Quote from Tarq57: "OK, you win."
;D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81923
  • No support PMs thanks
Re: Owned by a website with loads of malware and Iframes...
« Reply #9 on: May 17, 2009, 04:59:15 PM »
When you come seeking help being a smart ar** doesn't help your cause, it just means people won't bother in the future.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Owned by a website with loads of malware and Iframes...
« Reply #10 on: May 17, 2009, 08:08:25 PM »
Scan for out-of-date and insecure software using Secunia Online Software Inspector (OSI) and update any vulnerable software: this will help to prevent future infections.

There's no reason to get pwned just visiting a website.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1620
Re: Owned by a website with loads of malware and Iframes...
« Reply #11 on: May 18, 2009, 05:42:55 AM »
Hi there Donovansrb10

Okay if I ask whether you trawl around web looking to pick up viruses so then you can put into work your learning on anti-malware options. If malware is trouble, which it is, then you seem to be looking for trouble. So best of intentions then?

If so, perhaps adding a 'notification of intent' rider in the opening post of your thread - to help readers / viewers who are following the thread - would add to the usefulness of your contribution.

I actually copied images from reply 1 and reply 2 in the thread so to show to people as examples of the growing use of the 'iframe' range of malware attack. It was convenience really. The images happened to be at a convenient time and place - when I wanted to add a few examples to a record I was keeping on various guidelines to safe practice and secure system for home computers. Encouraging prevention behaviours amongst my existing clients, as well as clients to be. What you posted were good examples.

At the risk of sounding 'know it all' - when some of my posts may be not far short of unneeded - many people myself included log in to Avast forum to keep up to speed with the changing ways and means of malware attack, and to help empower the unknowing computer users (most of my clients) amongst us to keep their desktops in a running state. For myself, I did my antivirus toil (irritatingly time-consuming and sometimes self-defeating) for two years just using various tools and common sense with no real depth understanding of the malware environment, such that I probably had far better outcomes than I deserved. I'm not so sure whether I could survive today with that kind of approach, especially when you consider the changing face of Microsoft malware defense since last November. And I need to continue forward with a record of far better outcomes. Avast forum is a key play to my future good fortune, maybe the key factor. So just keen to deliver good outcomes, and keep success rate high. So I post this reply.

In no way do I mean offense to you or anyone else (except malware perps). In fact, appreciate your contribution, as I said, I found images in reply 1 and 2 very useful cause of time and place. And would not mind at all to keep things that way. But sometimes intent behind some posts is a bit of a guessing game (and not just you, not picking on you at all - at times my posts can be equally confusing as well). Just trying to do my bit to keep this very useful forum on a very useful bearing. Cause it works for me.



Kia kaha, go well, to all Avast forum contributors. 

« Last Edit: May 18, 2009, 07:26:22 AM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline !Donovan

Re: Owned by a website with loads of malware and Iframes...
« Reply #12 on: May 18, 2009, 10:37:02 PM »
Quote from Tarq57: "Stop trying to download something for nothing, in a situation where you already know that this package normally requires payment. >:("
Download what?

Quote from DavidR: "When you come seeking help being a smart ar** doesn't help your cause, it just means people won't bother in the future."
............................................

Quote from FreewheelinFrank: "There's no reason to get pwned just visiting a website."
*No Comment*

Quote from mkis: "Hi there Donovansrb10

Okay if I ask whether you trawl around web looking to pick up viruses so then you can put into work your learning on anti-malware options."
Yeah... :P

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31666
  • malware fighter
Re: Owned by a website with loads of malware and Iframes...
« Reply #13 on: May 18, 2009, 11:07:04 PM »
Hi Donovansrb10,

There were people before that really started collecting malware for a reason. There are those that collect stamps, others collect coins, some collect worms, viruses, Trojan horses, and exploits, like Anthony Aykut. About him: http://www.linkedin.com/pub/anthony-aykut/0/35a/a82
This collector of malware has turned his hobby into a real time job, so you can hear from his podcast. The hundreds of thousands of malware samples he collects through Honeypots, Aykut sells to firms that have no spare time to do this themselves, but like to test their apps against malware of all sorts. Aykut also analyzes each and every piece of malware and forwards them to av-vendors, which he has now built a favorable relationship with. In the meantime his firm has collected 2,2 million samples over the last few years and these are very well sought after by his customers. Listen to his podcast here:
http://debeveiligingsupdate.nl/2009/05/01/

So it could be that Donovansrb10 one day in the future could become a member of The Frame4group, Aykut's firm,

polonus
« Last Edit: May 18, 2009, 11:16:02 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Omid's Site
Re: Owned by a website with loads of malware and Iframes...
« Reply #14 on: May 18, 2009, 11:28:01 PM »
@Donovansrb10:
I checked the links and also I read the codes you posted in pictures. All those URLs in those codes are already blacklisted by the MVPS and ads lists in HostsMan. Why don't you immunize your Hosts file to enjoy surfing the web without ads and also block any traffic from your computer to bad URLs without any impact on your computer performance and also speed of your web browsing (because ads would not load in your computer and Google would not be able to spy on your web browsing)?

I did not get any alert from my anti-viruses because those bad URLs are already blocked in my Hosts file and nothing loaded from those sites to get an alert because of their content :)
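
Added example (not part of any post in this thread, and not Avast, MVPS or HostsMan code): a Python check that parses a Network Shield log entry in the format quoted in the first post and tests whether a hosts-file blocklist would also have sink-holed the request. The hosts entries are a constructed sample, not the real MVPS list, and all function names are hypothetical.

```python
import re

SINK_IPS = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample in hosts-file format; NOT the real MVPS list.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1  localhost
0.0.0.0  segulnhen.com www.segulnhen.com  # listing assumed for illustration
0.0.0.0  ads.example.net
"""

# Log line as quoted in the first post of the thread.
SAMPLE_LOG = (r"15.05.2009  20:13:45  Network Shield: blocked access to "
              r"malicious site segulnhen.com/image/pfgt.php "
              r"[ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1456 ) ]")

SHIELD_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"Network Shield: blocked access to malicious site (?P<url>\S+)\s+"
    r"\[\s*(?P<process>.+?)\s*\(\s*(?P<pid>\d+)\s*\)\s*\]$")

def parse_hosts(text):
    """Return hostnames that a hosts file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) >= 2 and fields[0] in SINK_IPS:
            blocked.update(name.lower().rstrip(".") for name in fields[1:])
    return blocked - LOCAL_NAMES

def parse_shield_line(line):
    """Parse one Network Shield entry; return None if the format differs."""
    m = SHIELD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["host"] = rec["url"].split("/", 1)[0].split(":", 1)[0].lower()
    return rec

def hosts_would_block(host, blocked):
    # A hosts file matches exact names only: a listed domain does not
    # cover its subdomains, so each hostname needs its own entry.
    return host.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    rec = parse_shield_line(SAMPLE_LOG)
    print(rec["host"], rec["process"], rec["pid"],
          hosts_would_block(rec["host"], blocked))
    print("cdn." + rec["host"], hosts_would_block("cdn." + rec["host"], blocked))
```

The second check shows the limit of the hosts-file approach: an unlisted subdomain of a listed domain still resolves normally, so the list only helps for hostnames it names exactly.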