Author Topic: Exploit Blocked - JS:Pdfka-ARC [Expl]  (Read 3892 times)


1010101010101010101010101

  • Guest
Exploit Blocked - JS:Pdfka-ARC [Expl]
« on: December 05, 2010, 01:51:50 AM »
While visiting a web site I frequent every day, I got this warning from avast.
My Java software is completely up to date, as are Adobe Reader/Flash and Firefox. Many people have been getting this warning on this web site, and it seems to be associated with Java, and when it happened my Java icon appeared in my system tray.

Any thoughts on what's going on with this condition?

**********************************************************************
EXPLOIT BLOCKED

Avast! Web shield has has blocked a harmful web page or file.

Object: http  ://giantosh.com/201009301256/lib/7092-023755628394

Infection: JS:Pdfka-ARC [Expl]

Action: Connection aborted

Process: C:\Program Files\Mozilla Firefox\firefox.exe
**********************************************************************
« Last Edit: December 05, 2010, 02:00:15 AM by 1010101010101010101010101 »

Hawk

  • Guest
Re: Exploit Blocked - JS:Pdfka-ARC [Expl]
« Reply #1 on: December 05, 2010, 02:04:27 AM »

EXPLOIT BLOCKED

Avast! Web shield has has blocked a harmful web page or file.

Object: http  ://giantosh.com/201009301256/lib/7092-023755628394

Infection: JS:Pdfka-ARC [Expl]

Action: Connection aborted

Process: C:\Program Files\Mozilla Firefox\firefox.exe
**********************************************************************

That means avast blocked some bad (infected) JavaScript file before you opened it. There is no harm done to your computer.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
Re: Exploit Blocked - JS:Pdfka-ARC [Expl]
« Reply #2 on: December 05, 2010, 08:05:23 AM »
Seems to be gone...
I get this: Domain does not exist or is unaccessible.
asyn

mbrechet

  • Guest
Re: Exploit Blocked - JS:Pdfka-ARC [Expl]
« Reply #3 on: March 02, 2011, 05:55:54 PM »
Hi, I have the same problem on the video-a-la-demande.orange.fr website; the exploit is JS:Pdfka-AYC. But the website is sure and the file is dojo.js, which is an official file created with the dojotoolkit framework.

I think it's a false positive case, will you correct this point?

Have you got some explanation?

Thanks for your responses
« Last Edit: March 02, 2011, 05:58:58 PM by mbrechet »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • malware fighter
Re: Exploit Blocked - JS:Pdfka-ARC [Expl]
« Reply #4 on: March 04, 2011, 10:46:52 PM »
Hi mbrechet,

Sucuri gives the site an all clean and also these links are found clean:
htxp://video-a-la-demande.orange.fr 
htxp://c.orange.fr/Js/o_oep.js 
htxp://c.orange.fr/Js/common_oep.js 
I get this maintenance report when trying to connect there:
Quote
The Video on Demand and Web TV sites are evolving...
The service is interrupted while the changes are being implemented.
You can watch the videos you have already downloaded from your Orange player without any problem.
The service will be accessible again from 00:00.
We apologize for the inconvenience.
The Vidéo Party team

here it is also found clean: http://www.urlvoid.com/scan/video-a-la-demande.orange.fr
status code: 403. Forbidden.
But some interesting discussion links can be found here for this link to oep.js:
http://www.unmaskparasites.com/web-page-options/?url=http://c.orange.fr/Js/common_oep.js
Read on this e.g.: http://blog.unmaskparasites.com/2009/12/23/from-hidden-iframes-to-obfuscated-scripts/
various jsunpack links, this was the only recent one found:
htxp://jsunpack.jeek.org/dec/go?report=693e36cb8272f41daba319f279b4239b0edc8f68
but the site has had previous issues, certainly had,

polonus
       
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!