Author Topic: Malicious VBS script detected here...  (Read 2907 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33905
  • malware fighter
Malicious VBS script detected here...
« on: June 12, 2010, 12:31:51 AM »
Hi malware fighters,

For the script see analysis here:
htxp://jsunpack.jeek.org/dec/go?report=7c4d6fe0548f7d978a575e6870a51902aaf20126
Here it is not detected, but reported as a possibility:
http://wepawet.iseclab.org/view.php?hash=1e696cac008fb8e642df536ba923ffd2&t=1276294790&type=js
Technical details:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-111215-5430-99&tabid=2

Various instances found: Virus
Threats found: 6

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/presentations.html

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/publications.html

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/index.html

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/online_courses.html

Threat Name:    VBS.Invadesys.A
Location:    hxtp://www.andrews.edu/~marinho/

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/index2.html

Heuristic Virus
Threats found: 4
Here is a complete list:

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/index2.html

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/online_courses.html

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/publications.html

Threat Name:    VBS.Invadesys.A
Location:    htxp://www.andrews.edu/~marinho/index.html

Drive-By Downloads
Threats found: 1
Here is a complete list:

Threat Name:    VBS.Invadesys.A
File name:    c:\windows\system32\.vbs
Location:    htxp://www.andrews.edu/~marinho

For part of the VBS code, see the attached gif.

   
« Last Edit: June 12, 2010, 12:36:13 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
« Last Edit: June 12, 2010, 01:13:47 AM by Pondus »

Offline polonus

Re: Malicious VBS script detected here...
« Reply #2 on: June 12, 2010, 01:08:14 AM »
Hi Pondus,

So the script is detected, so I guess the site is then disconnected as well?
The second one was well worth reporting, hope avast will come to detect it soon.

pol
« Last Edit: June 12, 2010, 01:38:28 AM by polonus »