Author Topic: Avast report on web site  (Read 4484 times)


tinchote

  • Guest
Avast report on web site
« on: September 02, 2010, 01:35:55 PM »
Hi everybody, avast is reporting a trojan on this site: http://www.adigma.com.mx/

It always reports the trojan JS:Redirector-CV. Sometimes it even reports it on favaicon.ico, other times on the main html.

The report appears on most pages on the site, even some that are only plain html with images (I copy the html below). Any advice will be appreciated :)


(Edit: now it's even reporting the trojan on some images, like this one: http://www.adigma.com.mx/Rally/Kamet/Etapa10_prev_ht34Sd23dfzsaA1_E.jpg)

« Last Edit: September 02, 2010, 01:39:03 PM by tinchote »

sdalgl72

  • Guest
Re: Avast report on web site
« Reply #1 on: September 02, 2010, 01:55:03 PM »
Looking at the links you have provided in a virtual machine, and at Avast's category of the infection, I would suggest it's not the fact that it's HTML that it has been detected; it's because the JavaScript inside the HTML has an infection in it. JavaScript could be allowing the website to do something to your PC or download an infection.

tinchote

  • Guest
Re: Avast report on web site
« Reply #2 on: September 02, 2010, 02:19:22 PM »
Quote from: sdalgl72
Looking at the links you have provided in a virtual machine, and at Avast's category of the infection, I would suggest it's not the fact that it's HTML that it has been detected; it's because the JavaScript inside the HTML has an infection in it. JavaScript could be allowing the website to do something to your PC or download an infection.

Thanks for looking at it. But the code in the txt file has no JavaScript, and it still produces the alert. And what about the jpg image? Or the favaicon.ico file? Those two also produce the alert (sometimes).

Sorry if I'm annoying, I'm just trying to understand if this is a real alert, because all the ones I get don't look coherent to me. If I get an alert just saying "the script code in this page is malicious" then that's fine. But when I also get alerts on images, I don't understand anymore.

sdalgl72

  • Guest
Re: Avast report on web site
« Reply #3 on: September 02, 2010, 03:23:18 PM »
Sorry, I just wish I could help more. Not having access to my virtual machine, I'm not going to load the site again, but reading the source code you provided, there is a hidden value; it could be that, however I am not sure. Sorry I can't be any more help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Avast report on web site
« Reply #4 on: September 02, 2010, 04:54:40 PM »
I have just visited the site and browsed many of the pages and no alerts. I downloaded that image and avast doesn't alert on it, and no detections on it from VirusTotal (42 AV scanners).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

tinchote

  • Guest
Re: Avast report on web site
« Reply #5 on: September 02, 2010, 05:04:19 PM »
Quote from: DavidR
I have just visited the site and browsed many of the pages and no alerts. I downloaded that image and avast doesn't alert on it, and no detections on it from VirusTotal (42 AV scanners).

Thanks! I'm not getting the alerts either now. I wonder what's going on.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Avast report on web site
« Reply #6 on: September 02, 2010, 06:27:42 PM »
Avast has in the past been very accurate in these detections and the most common attack now is from sites that have been hacked and these redirection scripts inserted.

I don't know if that was the case here and the site has been cleaned up, but that is a reasonable assumption.

tinchote

  • Guest
Re: Avast report on web site
« Reply #7 on: September 03, 2010, 01:12:54 AM »
Quote from: DavidR
Avast has in the past been very accurate in these detections and the most common attack now is from sites that have been hacked and these redirection scripts inserted.

I don't know if that was the case here and the site has been cleaned up, but that is a reasonable assumption.

Thanks. I wish avast was more clear/specific with the warnings.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Avast report on web site
« Reply #8 on: September 03, 2010, 02:20:01 AM »
I think it was pretty specific: JS:Redirector-CV, a JavaScript redirector; there is only so much you can display in the alert window. Which in most cases is as a result of the site being hacked.

tinchote

  • Guest
Re: Avast report on web site
« Reply #9 on: September 03, 2010, 10:52:54 AM »
Quote from: DavidR
I think it was pretty specific: JS:Redirector-CV, a JavaScript redirector; there is only so much you can display in the alert window. Which in most cases is as a result of the site being hacked.

Ok, after doing some more testing I have to wholeheartedly agree with you. I tried entering the site "manually" (i.e. via a telnet session), and indeed whatever request you send, an infected file comes back.

Kudos to avast, then  8)
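
Added example, not part of any post in this thread: the last reply found that every request, including ones for images and the icon file, returned flagged content. One way a site owner could check fetched static assets for that symptom is to compare each body against the magic bytes its extension implies and look for markup near the start. The sample bodies, paths and function names are constructed for illustration.

```python
import re

# Leading magic bytes expected for common static image types.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".ico": (b"\x00\x00\x01\x00",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Markup that should not appear at the start of a binary image.
MARKUP = re.compile(rb"<\s*(script|iframe|html|meta)\b", re.IGNORECASE)


def check_asset(path, body):
    """Return findings for one fetched static asset (empty list = looks sane)."""
    ext = "." + path.rsplit(".", 1)[-1].lower() if "." in path else ""
    expected = MAGIC.get(ext)
    if expected is None:
        return []  # not an image type this check knows about
    findings = []
    if not body.startswith(expected):
        findings.append("magic-mismatch")
    if MARKUP.search(body[:4096]):
        findings.append("markup-in-binary")
    return findings


def audit(responses):
    """responses: iterable of (path, body bytes); returns {path: findings}."""
    report = {}
    for path, body in responses:
        findings = check_asset(path, body)
        if findings:
            report[path] = findings
    return report


# Constructed sample bodies (not captured from the site in the thread).
SAMPLES = [
    ("/img/clean.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32),
    ("/favicon.ico", b"<html><script>/* placeholder */</script></html>"),
    ("/img/photo.jpg", b"<script>/* placeholder */</script>"),
    ("/index.html", b"<html><body>ok</body></html>"),
]

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(path, findings)
```

If image paths come back with both findings, the injection is probably happening at the server or in its configuration rather than in individual page files, so cleaning single HTML files would not be enough.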