Author Topic: Google.analytics.com.eliysgtkaj.info being blocked... (Read 5385 times)

Mr Smells · « **on:** February 16, 2010, 02:07:27 PM »

Avast has been blocking this on all sorts of websites for me (Amazon & Youtube most notably).

Is it just a false block/bug etc, or is it more sinister?

.: L' arc :. · « **Reply #1 on:** February 16, 2010, 02:28:04 PM »

Welcome to the forums Mr Smells,

Could you please post a sample of the alert message? You may take a screenshot or copy the details in avast logs.

DavidR · « **Reply #2 on:** February 16, 2010, 05:02:05 PM »

Given the URL in the title I would say that this particular case is correct as it looks like something trying to masquerade as google analytics.com when it is in fact eliysgtkaj.info (a really iffy domain name if I ever saw one). No record found for this domain name on a whois search.

Mr Smells · « **Reply #3 on:** February 16, 2010, 06:44:26 PM »

Yeah, I had a feeling it was something like that.

@the guy above, I'll attempt to recreate the circumstances.

Edit:

Alright, this is wierd.

I'd recreated the screenshot off Isohunt.com.

I went to tinypic to upload, this is what I got:

jsejtko · « **Reply #4 on:** February 16, 2010, 07:43:49 PM »

Hello,

this is not a false positive -> its probably the most intensive attack through ad-sites ever made. I'm currently working on blog post on this topic. The good news for you (if you are using avast! with current vps update) is that you are protected.

Best Regards
Jirka Sejtko

Mr Smells · « **Reply #5 on:** February 16, 2010, 08:29:42 PM »

It constantly is blocking it, on almost all the sites I use right now.

These include:

fallout.wikia.com

answers.yahoo.com

Google.com <- *facepalm*

Youtube.com

And others...

As long as it's currently blocking them, can I assume it's alright to go about my usual internet things?

jsejtko · « **Reply #6 on:** February 18, 2010, 02:40:29 PM »

Hello,

I'm sorry about the longer response. As far as we were monitoring the threat I can say that you are fully protected from it.

We have to wait, what will be the next step made by the bad guys. If you want some detailed information -> go to our blog: http://blog.avast.com/2010/02/18/ads-poisoning-–-jsprontexi/

Regards

DeLeMa1804 · « **Reply #7 on:** February 18, 2010, 11:46:32 PM »

Greetings -
I'm getting a similar msg from isoHunt but only if I search the site and the addr is a bit different :
"google.analytics.com.eututrywxvhd.info/kav/kav1.exe"
Thanks Avast guys !! I'm not seeing the block anywhere else as yet. I'm heading to your blog for more info as I support my own LAN and a couple of systems for my relatives. I'm not real savvy but, with 2 other jobs I don't have much time to learn so, appreciate all the help you guys have provided but, could you price your Bart Cd a little lower for us pore folk ?!? I tested it and it's truly awesome !!!
Thanks,
Denny

Author Topic: Google.analytics.com.eliysgtkaj.info being blocked... (Read 5385 times)

Mr Smells

Google.analytics.com.eliysgtkaj.info being blocked...

.: L' arc :.

Re: Google.analytics.com.eliysgtkaj.info being blocked...

DavidR

Re: Google.analytics.com.eliysgtkaj.info being blocked...

Mr Smells

Re: Google.analytics.com.eliysgtkaj.info being blocked...

jsejtko

Re: Google.analytics.com.eliysgtkaj.info being blocked...

Mr Smells

Re: Google.analytics.com.eliysgtkaj.info being blocked...

jsejtko

Re: Google.analytics.com.eliysgtkaj.info being blocked...

DeLeMa1804

Re: Google.analytics.com.eliysgtkaj.info being blocked...