Author Topic: Avast Webshield does detect exploit at rtysfalls dot info  (Read 2218 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Avast Webshield does detect exploit at rtysfalls dot info
« on: March 17, 2011, 10:35:36 PM »
Where a lot of others do not alert, found 1 detection only here: http://www.urlvoid.com/scan/rtysfalls.info
and where suspicious exploit is detected here: http://wepawet.iseclab.org/view.php?hash=2c18b1040d934d5045048581b4edf24c&t=1300395983&type=js
with the corresponding
Anubis report: http://anubis.iseclab.org/?action=result&task_id=1a94e20a47a4505643952343574696049
detected as Trojan-Dropper.Win32.Vedio (Sig-Id:1530272) (Ikarus)
the avast webshield alerts htxp://jsunpack.jeek.org/dec/go?report=a6e79b7af1bcefa50fa8a337964c32d84ecafacf
as JS.ShellCode-GR[Exploit]  so the avast user is protected!
TrendMicro Site Safety detects: The latest tests indicate that this site contains malicious software or could defraud visitors.
Disease vector: Sites that directly or indirectly facilitate the distribution of malicious software or source code...
Site is blacklisted, but no malware identified by the free sucuri scanner...
Domain Name was Registered on 02 February, 2011...., see: http://www.robtex.com/dns/rtysl.com.html
Webutation misses it altogether: http://www.webutation.net/go/review/rtysfalls.inf

polonus
« Last Edit: March 17, 2011, 10:53:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

doktornotor

  • Guest
Re: Avast Webshield does detect exploit at rtysfalls dot info
« Reply #1 on: March 17, 2011, 11:11:24 PM »
Almost ended up reporting this as the "random blurb" spam ;D Could do with some formatting.  :P

Otherwise, nice catch.  8)

Offline polonus

Re: Avast Webshield does detect exploit at rtysfalls dot info
« Reply #2 on: March 17, 2011, 11:24:42 PM »
Hi doktornotor,

Well the Anubis report says it all, that av should alert this, and avast webshield does. But when I scan the URL against virustotal.com you can understand my initial concern:
http://www.virustotal.com/url-scan/report.html?id=2c18b1040d934d5045048581b4edf24c-1300396452
Firefox               Clean site
G-Data                Clean site
Google Safebrowsing   Clean site
Opera                 Clean site
ParetoLogic           Clean site
Phishtank             Clean site
Downloaded file analysis does not make me that happy either:
http://www.virustotal.com/file-scan/report.html?id=08fdfdc0c63871889e918e8aa797454a400655574d9cce9272f4a51d93049839-1300400272
Two flags:
TrendMicro             9.200.0.1012   2011.03.17   Possible_Hifrm-5
TrendMicro-HouseCall   9.200.0.1012   2011.03.17   Possible_Hifrm-5
See: http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=Possible_Hifrm-5
The exploit is detected by the avast webshield, but what about the trojan-dropper there?

polonus

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: Avast Webshield does detect exploit at rtysfalls dot info
« Reply #3 on: March 18, 2011, 07:46:26 AM »
Norman analysis confirms infected

Quote
wxw.rtysfalls.info.htm Processed - HTML/IFrame.IP