Author Topic: Whizlabs warning  (Read 2780 times)

0 Members and 1 Guest are viewing this topic.

udy

  • Guest
Whizlabs warning
« on: May 18, 2009, 06:17:37 PM »
Hi folks,

I entered the wXw.whizlabs.com site for one of their product, and got a warning.

Is that site really a threat?

Thanks.
« Last Edit: May 18, 2009, 10:16:00 PM by udy »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86135
  • No support PMs thanks
Re: Whizlabs warning
« Reply #1 on: May 18, 2009, 06:38:52 PM »
The site appears to have been hacked, not good when it is flying the McAfee Secure logo ;D

After the closing HTML tag (a standards no, no) there is a hidden iframe tag, that I doubt is a legit counter going to hXXp://internetcountercheck.com.

Please 'modify' your post change the URL from www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

avast's network shield also has hXXp://internetcountercheck.com and firefox's safe browsing function doesn't like that site either.

Also see https://safeweb.norton.com/report/show?url=http%3A%2F%2Finternetcountercheck.com&x=12&y=8
« Last Edit: May 18, 2009, 06:47:33 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

udy

  • Guest
Re: Whizlabs warning
« Reply #2 on: May 18, 2009, 10:23:28 PM »
Thanks for your feedback. I have sent an email to those guys. I hope they'll come up with a fix.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33450
  • malware fighter
Re: Whizlabs warning
« Reply #3 on: May 18, 2009, 10:41:18 PM »
Hi udy,

Just to second DavidR here.
References to 1 suspicious domain found.
1 hidden external link found.
Code: [Select]
^IFrame^ hidden link - hxtp://internetcountercheck.com/..?click=2450484which is empty source - could not connect to site...

Malicious software includes 1 scripting exploit(s).

This site was hosted on 2 network(s) including AS15244 (ADDD2NET), AS21844 (THEPLANET).
It looks like it that wXw.whizlabs.com's malicous software has further infested one domain: e.g. tucows.in/. About the malware downloader JS.Tabletka.a read:
http://forum.kaspersky.com/lofiversion/index.php/t89433.html

About this sudden hack, read: http://wordpress.org/support/topic/243838

polonus
« Last Edit: May 18, 2009, 10:47:02 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Whizlabs warning
« Reply #4 on: May 18, 2009, 11:38:35 PM »
Hi folks,

I entered the wXw.whizlabs.com site for one of their product, and got a warning.

Is that site really a threat?

Thanks.
Yes, it is.
"HTML/Infected.WebPage.Gen - Malware" found in the page.

Description:
A common attack against the web infrastructure can be the infection of harmless web pages. Some malware changes every HTML file stored on the disc and adds a link (very often an IFrame) to a site hosting malicious code. Other attacks can aim for the web servers and try to insert forwarding to the pages hosted there. The owner of these pages is advised to take them offline. Fix the hole (either on his own PC or on the server), check the pages for infections, clean them and go online again. Infected Web Pages often contain additional Iframe, Object or Script Tags. The Script Tags often contain encrypted Code.
Twitter: https://twitter.com/OmidFarhangEn - OS: Arch Linux