Author Topic: JS:Bulered  (Read 23675 times)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89202
  • No support PMs thanks
Re: JS:Bulered
« Reply #30 on: July 20, 2009, 09:53:28 PM »
The problem with obfuscated javascript is that it isn't easy to see what is being done, much less whether it is redirecting and to where, as in the image example of the code on that page I posted earlier.

I have no tools to be able to do any analysis (I, like the others trying to help, am just an avast user like yourself), but given the link polonus gave (in the quoted text) you can do as you have and look up the domains, and as you have found they are considered malicious. So there is a likelihood that avast too finds these malicious and effectively alerts to block access.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: JS:Bulered
« Reply #31 on: July 20, 2009, 09:55:58 PM »
Hi Filter,

Yep, good observation, this is what google has to say about exist dot butterflyeffect dot gs and that was: "The last time suspicious content was found on this site was on 2009-07-20. Malicious software includes 96 scripting exploit(s). This site was hosted on 1 network(s) including AS31103 (Keyweb AG)."
The other one: ipot dot applepie dot gd forward slash privatezone
The last time suspicious content was found on this site was on 2009-07-20.
Malicious software includes 754 scripting exploit(s).
This site was hosted on 2 network(s) including AS41062 (PRO100), AS22576 (LAYER3).
This site has been hosting malcode during the last 90 day period. This software has infected 361 domains, e.g.: xvediox.com/, flashost.com.br/, coralhillsresort.com/.
Just delving a little into this and you see what we come up with. Easy answers won't do, confront them with this - what does the obfuscated code do on that web page?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Filter

  • Guest
Re: JS:Bulered
« Reply #32 on: July 20, 2009, 10:02:04 PM »
Thanks, both of you. This should be more than enough evidence.  ;)

Have to say that I came to understand a lot more about JS:Bulered ;D
« Last Edit: July 20, 2009, 10:06:07 PM by Filter »

Online DavidR

Re: JS:Bulered
« Reply #33 on: July 20, 2009, 10:13:43 PM »
You're welcome, good luck.

Offline polonus

Re: JS:Bulered
« Reply #34 on: July 20, 2009, 10:16:50 PM »
Hi Filter,

The pleasure was mutual, we learn from this here as well. You understand that this has recently been becoming more and more important, because CyberCrook & Co are now using these little tricks to target the trustworthy smaller websites, which are not on their guard against this. Avast has spearhead technology here and the avast shields work well. It is also always wise to use a browser with a script blocker; I swear by Firefox with NoScript. NoScript has not been beaten a single time as long as you do not whitelist the malcode, and that is why the infection of normally trustworthy, safe sites is such a dangerous matter. Welcome to our forums, keep coming here with your questions and keep inspiring us. I wish you safety online, and stay malware free,

polonus aka Damiaan
« Last Edit: July 20, 2009, 10:18:41 PM by polonus »

Filter

  • Guest
Re: JS:Bulered
« Reply #35 on: July 20, 2009, 10:25:16 PM »
Thanks. I have been happy with Avast for a very long time :) I will definitely keep hanging around here!

scurrminator

  • Guest
Re: JS:Bulered
« Reply #36 on: August 04, 2009, 08:57:26 PM »
hello guys,

I am having the same issue, my site is getting hacked again and again, I always remove the same malicious code from my phpbb3, coppermine, wordpress and the static web pages one by one but it's there again after a day or two, contacted my webhosting company but they don't have any solution, my avast antivirus used to tell me that I have some JS:Bulered virus in my pages but I used to ignore it till I started getting this on my website hXXp://www.intcube.com though my cpanel was never hacked and I am still able to use it, saw a few posts in the avast forums and some others as well but no one knows about the exact nature of this malware

Quote
http://www.hackthissite.org/forums/viewtopic.php?f=29&t=3849!
http://forum.avast.com/index.php?topic=46176.0
http://forum.avast.com/index.php?topic=46919.0



after going through google advisory pages, I changed my password after cleaning pages from various computers but whenever I would log on my pages would again be infected with the code mentioned above, google says



I checked lemonia.ws google advisory pages and it clearly shows that it's the source of the virus,



in June there was nothing regarding js:bulered malware in google search, but now we're having a lot of forums where people are discussing this, think it's spreading more and more and maybe someone would help us too, can anyone suggest what I should do?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: JS:Bulered
« Reply #37 on: August 04, 2009, 09:07:34 PM »
Please do not post the same thing twice. It just doubles the effort of helping.
Follow http://forum.avast.com/index.php?topic=46176.0;topicseen
The best things in life are free.