Avast community forum
Topic: What malware is this? (Read 2114 times)
polonus, August 27, 2011, 11:13:19 PM:
Look at this:
http://wepawet.iseclab.org/view.php?hash=f5f5edaa03c9a328734a20a71f91d842&t=1314478740&type=js
Detected here:
http://urlquery.net/report.php?id=2080
http://www.virustotal.com/url-scan/report.html?id=f5f5edaa03c9a328734a20a71f91d842-1314470742
polonus
(Last Edit: August 28, 2011, 12:06:38 AM by polonus)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus, Reply #1, August 27, 2011, 11:24:19 PM:
It is a pdf exploit. This PDF is generated by "Blackhole exploit kit".
VirusTotal - 4229b.pdf
http://www.virustotal.com/file-scan/report.html?id=5c7a5910c52c40fe72ec2ccdc7cdb9a2171c23e3a9c244e50d0b4112d1ef7f91-1314479431
(Last Edit: August 28, 2011, 10:56:01 AM by Pondus)
Asyn, Reply #2, August 27, 2011, 11:28:12 PM:
Report 2011-08-27 22:46:15 (GMT 1)
Website vorvwe.com
Domain Hash fb5483674f5e0d81b485f959c2617bde
IP Address 217.116.198.25 [SCAN]
IP Hostname -
IP Country TR (Turkey)
AS Number 49879
AS Name HOSTHANE ISIK Bilgisayar Internet ve Yayincil...
Detections 8 / 23 (35 %)
Status DANGEROUS
http://amada.abuse.ch/?search=vorvwe.com
http://hosts-file.net/?s=vorvwe.com
http://www.malwaredomainlist.com/mdl.php?search=vorvwe.com
http://www.malwareblacklist.com/searchClearingHouse.php?search=vorvwe.com
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0
polonus, Reply #3, August 28, 2011, 12:05:25 AM:
Hi Pondus & Asyn,
Nice write-up on this embedded generic pdf exploit here:
http://feliam.wordpress.com/2010/01/13/generic-pdf-exploit-hider-embedpdf-py-and-goodbye-av-detection-012010/
(link author: feliam on pdf security blog)
Good, avast seems to detect this embedded variant now, see:
http://www.virustotal.com/file-scan/report.html?id=43a1c87d38ab3e8b16bdef3ab676a059a48b63e5154cd11e9416ab40219c0258-1312667401
polonus