Author Topic: deleted  (Read 4515 times)


phangan

  • Guest
deleted
« on: April 03, 2010, 02:40:20 AM »
deleted
« Last Edit: April 03, 2010, 04:57:18 PM by phangan »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: infection or false positive? HTML:Script-inf
« Reply #1 on: April 03, 2010, 02:42:53 AM »
This page seems to be <suspicious>
http://www.UnmaskParasites.com/security-report/?page=phanganresorts.com

Diagnostic page for fobana2009dc.com
http://www.google.com/safebrowsing/diagnostic?site=fobana2009dc.com

Malicious software includes 39 exploit(s), 18 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 12 domain(s), including mesalina.pl/, kazaadownloadpro.com/, mariupol.com.ua/.

This site was hosted on 1 network(s) including AS32475 (SINGLEHOP).

phangan

  • Guest
deleted
« Reply #2 on: April 03, 2010, 02:49:13 AM »
deleted
« Last Edit: April 03, 2010, 04:56:42 PM by phangan »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698

phangan

  • Guest
deleted
« Reply #4 on: April 03, 2010, 02:57:21 AM »
deleted
« Last Edit: April 03, 2010, 04:57:43 PM by phangan »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: infection or false positive? HTML:Script-inf
« Reply #5 on: April 03, 2010, 03:07:08 AM »
The page does not seem to be hacked, but it is this link (fobana2009dc.com) that seems to be the problem and has an endless amount of bad domains.

But wait for Polonus' advice, he is the expert on this.
« Last Edit: April 03, 2010, 03:17:45 AM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89652
  • No support PMs thanks
Re: infection or false positive? HTML:Script-inf
« Reply #6 on: April 03, 2010, 03:46:05 AM »
The site most certainly has been hacked. I get two alerts, one on the favicon.ico file, also a common tactic in hacking sites, as this is loaded by the browser for the little icon in the address bar. There may not be a favicon.ico file and that would be what kicks off the custom 404 error page, so I would also check out any custom 404 error page if you have one, as I believe this is also affected.

It isn't just that there is a link to fobana2009dc.com but an inserted script tag, see images.

The fobana2009dc.com site is blocked by Firefox safe browsing as an attack site, so avast is correct in blocking the script tag in the first instance.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
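
An added example, not part of any post in this thread: one way a site owner could check for the kind of inserted script tag described in the reply above, covering the custom 404 page as well as the normal pages. The host names, page contents and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches too.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def foreign_scripts(html, site_host, allowed_hosts=()):
    """Return script URLs whose host is neither the site itself nor allowlisted."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    flagged = []
    for src in parser.sources:
        # Relative paths have no hostname; scheme-relative //host/x.js does.
        host = urlparse(src).hostname
        if host and host.lower() not in trusted:
            flagged.append(src)
    return flagged

def audit(pages, site_host, allowed_hosts=()):
    """Map each page path to the foreign script URLs found in it (clean pages omitted)."""
    report = {}
    for path, html in pages.items():
        hits = foreign_scripts(html, site_host, allowed_hosts)
        if hits:
            report[path] = hits
    return report

# Constructed sample pages; /404.html stands for the custom error page that is
# served when a file such as favicon.ico is missing.
PAGES = {
    "/index.html": '<html><head><script src="/js/menu.js"></script></head><body>'
                   '<script src="http://injected.example/x.js"></script></body></html>',
    "/404.html": '<html><body><h1>Not found</h1>'
                 '<SCRIPT SRC="//injected.example/x.js"></SCRIPT></body></html>',
    "/about.html": '<html><head><script src="http://cdn.example.net/lib.js"></script></head></html>',
}

if __name__ == "__main__":
    for path, hits in audit(PAGES, "www.example.org", ["cdn.example.net"]).items():
        print(path, "->", hits)
```

This only reports static script tags with a src attribute; inline or obfuscated script that builds the tag at run time needs a separate review of the page source.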

phangan

  • Guest
deleted
« Reply #7 on: April 03, 2010, 04:00:18 AM »
deleted
« Last Edit: April 03, 2010, 04:58:34 PM by phangan »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89652
  • No support PMs thanks
Re: infection or false positive? HTML:Script-inf
« Reply #8 on: April 03, 2010, 04:12:27 AM »
You're welcome, happy hunting.

phangan

  • Guest
deleted
« Reply #9 on: April 03, 2010, 04:17:19 AM »
deleted
« Last Edit: April 03, 2010, 04:59:04 PM by phangan »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34049
  • malware fighter
Re: deleted
« Reply #10 on: April 03, 2010, 09:40:06 PM »
Hi folks,

NoVirusThanks gives it an all clean: http://scanner.novirusthanks.org/analysis/d4027c5084b37e4f4c011859a38a16b7/aW5kZXg=/

Google Safe Browsing gives it clean: Over the past 90 days, www.phanganresorts.com did not appear to function as an intermediary for the infection of any sites.


So must have been cleansed, avast shield does not flag it now,

polonus
« Last Edit: April 04, 2010, 11:50:02 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!