Author Topic: this site is not bad right (moderator response apreeciated) (QUICK RESPONSE)  (Read 2689 times)

0 Members and 1 Guest are viewing this topic.

zzcool

  • Guest
i did a google search about someone who is a "hacker" and i found this site

http://www.mywot.com/en/scorecard/corraltutorials.webs.com

(please note this is the url to WOT the site is in the end of the url but i don't want to make it clickable)

can anyone tell me if it's bad

i accessed it through internet explorer who is protected by avast sandbox i also got avast internet security updated expires in august 2012

so can any expert just check the site for me i know i shouldn't get scared for small things like this but i can't help it i am

i would like a very quick answer doing a fast scan at the moment

edit avast quick scan found nothing doing a superantispyware scan

and please someone reply
« Last Edit: July 05, 2011, 01:39:46 PM by zzcool »

zzcool

  • Guest
can anyone please help me?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Well sucuri scanner say infected with this
http://sucuri.net/malware/malware-entry-mwdefaced01
from the screenshot it looks as some kind of joke?

see attached screenshot

unmask parasites and VirusTotal say clean and URLVoid will not give a result
« Last Edit: July 05, 2011, 11:15:46 PM by Pondus »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33489
  • malware fighter
Hi Pondus and zzcool,

Site has been hacked, see in the google search results at the top giving: H.A.C.K.E.D - XxxV1r0j4NxxX: -http://corraltutorials.webs.com/
I would do a MBAM scan also after an eventual visit of that site,
because see attached script threat found there, see attached gif

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33489
  • malware fighter
Hi Pondus,

Sucuri should have found it in real time, really, see here at the bottom, where it is mentioned:
http://tools.sucuri.net/?page=tools&title=blacklist&seeall=1&detail=d36eb5a495a9bee79a075e08fc0e3cd1

After is was hacked and defaced, the code was found up by a real-time JS_script de-obfuscation scanner. Won't give that link here, because it should not be abused. So I gave a representation as the gif image I have attached to the above posting,

for the exploit mentioned there, see: http://blog.trendmicro.com/new-ie-zero-day-exploit-cve-2010-0806/  author of above link is trendmicro's Valerie Boquiron (Technical Communications)

Unmasked parasites also give this external reference link as a gif image as suspicious:
http://www.google.com/safebrowsing/diagnostic?site=images.webs.com
Last time suspicious content was found there was on 2011-06-17, this resulted in the infection of one site e.g. no1 dot vn/

pol
« Last Edit: July 06, 2011, 12:36:09 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Norman lab confirms infected

Quote
corraltutorials.webs.com.htm : Processed - HTML/Agent.NA