Author Topic: URGENT : http://www.filmfestamiens.org  (Read 6149 times)

0 Members and 1 Guest are viewing this topic.

vincejami

  • Guest
URGENT : http://www.filmfestamiens.org
« on: September 07, 2011, 09:41:57 AM »
Could you please remove this url from you database, please!!!!

hxxp://www.filmfestamiens.org
« Last Edit: September 07, 2011, 04:41:45 PM by igor »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URGENT : http://www.filmfestamiens.org
« Reply #1 on: September 07, 2011, 11:21:26 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URGENT : http://www.filmfestamiens.org
« Reply #3 on: September 07, 2011, 12:19:36 PM »
Hi vincejami,

Break that link something like: -http://www.filmfestamiens.org/
or hxtp or wXw
Before avast blocks this I get alerts for:
- Oracle Java Web Start Plugin Command Line Argument Injection, CVE-2010-0886
- Oracle Java Applet2ClassLoader Remote Code Execution Exploit, CVE-2010-4452
- Java Plugin LaunchJNLP DocBase, CVE-2010-3552
See: http://www.google.com/safebrowsing/diagnostic?site=filmfestamiens.org
-rebotstat.com infected this site and 56 others,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

vincejami

  • Guest
Re: URGENT : http://www.filmfestamiens.org
« Reply #4 on: September 07, 2011, 04:09:44 PM »
Well, it seems to be the yahoo referencing  file that was infected... good joke from google. I do not think there is real infection, can you verify, because the damage is big enough!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: URGENT : http://www.filmfestamiens.org
« Reply #5 on: September 07, 2011, 04:18:13 PM »
according to Sucuri it is still there

found here
filmfestamiens.org
filmfestamiens.org/./?Tarifs&amp;lang=fr
filmfestamiens.org/?-En-direct-du-festival-&lang=fr
filmfestamiens.org/?-Post-production-&lang=fr
filmfestamiens.org/?-Scenario-&lang=fr
filmfestamiens.org/spip.php?breve39&amp;lang=fr


Information for Website Owners   http://stopbadware.org/home/webmasters
Tips for Cleaning & Securing Your Website  http://www.stopbadware.org/home/security
Protect your interwebs with Sucuri  http://sucuri.net/signup


« Last Edit: September 07, 2011, 04:24:25 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URGENT : http://www.filmfestamiens.org
« Reply #6 on: September 07, 2011, 04:38:33 PM »
Hi Pondus,

You are right. I just had a look at the source via a security proxy. See malscript below that is being flagged,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

vincejami

  • Guest
Re: URGENT : http://www.filmfestamiens.org
« Reply #7 on: September 07, 2011, 04:44:42 PM »
so that's it ... like this, thank you for ways you heldped me, such an aberration. we can see some organizations that would try a lot of things to keep being in the front place... or perhaps i'm wrong... nevermind. thanks

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: URGENT : http://www.filmfestamiens.org
« Reply #8 on: September 07, 2011, 04:48:59 PM »
Small question if you don't mind me asking how good is Sucuri when scanning website, because I've never heard of Sucuri ???
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

vincejami

  • Guest
Re: URGENT : http://www.filmfestamiens.org
« Reply #9 on: September 07, 2011, 04:51:53 PM »
 ;D

spg SCOTT

  • Guest
Re: URGENT : http://www.filmfestamiens.org
« Reply #10 on: September 07, 2011, 05:30:03 PM »
Small question if you don't mind me asking how good is Sucuri when scanning website, because I've never heard of Sucuri ???

Check most of Asyn's and Pondus' posts, they use it and it generally catches the scripts in the infected pages.  I would say quite effective
« Last Edit: September 07, 2011, 05:32:20 PM by spg SCOTT »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: URGENT : http://www.filmfestamiens.org
« Reply #11 on: September 07, 2011, 05:37:00 PM »
Small question if you don't mind me asking how good is Sucuri when scanning website, because I've never heard of Sucuri ???

You only have to look at some of the results, e,g, the image above. So it at the very least showing what it considers the suspect code rather than just saying it is infected.

If you also look at other evidence, such as the Wepawet link ginen by Pondus, you will see two hidden iframes (I hate anything hidden) and one of those goes to sidinggear.cu.cc. This domain is on the malware domains list, http://www.malwaredomainlist.com/mdl.php, use the search function.

So when you start to get cumulative instances of infection, suspicion then I would say the evidence is there, the site has most likely been hacked.

Firefox also blocks the sidinggear.cu.cc domain in the hidden iframe, see image.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URGENT : http://www.filmfestamiens.org
« Reply #12 on: September 07, 2011, 07:23:53 PM »
Hi vincejami,

DavidR is right, and this is what is being blocked:
2011-09-07 11:54:59   -http://sidinggear.cu.cc/showthread.php?t=82651514   97CEF9949D39A13816056AB110022887   95dot163dot66dot184   RU   Trojan.JS.Redirector.py
it is a site that directly or indirectly facilitates the distribution of malicious software or source code, see: http://www.urlvoid.com/scan/sidinggear.cu.cc

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

vincejami

  • Guest
Re: URGENT : http://www.filmfestamiens.org
« Reply #13 on: September 16, 2011, 10:15:54 AM »
now it's ok, thanks for all

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: URGENT : http://www.filmfestamiens.org
« Reply #14 on: September 16, 2011, 01:47:32 PM »
No problem, glad that you now have it resolved.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security