Author Topic: Site blacklisted but has it malcode on it?  (Read 4014 times)


polonus
Site blacklisted but has it malcode on it?
« on: November 05, 2011, 03:31:14 PM »
See: http://urlquery.net/report.php?id=7445
Found this: -xtraliteroofsystems.co.uk/templates/vanilla/warp/js/dropdownmenu.js suspicious
[suspicious:2] (ipaddr:-178.18.113.205) on -ds183125-1.lcndedicated.com
 (script) - xtraliteroofsystems.co.uk/templates/vanilla/warp/js/dropdownmenu.js
http://www.google.com/safebrowsing/diagnostic?site=xtraliteroofsystems.co.uk
5 scripting exploits, 1 exploit.
same here: -lamborghiniclub.co.uk/media/system/js/caption.js suspicious
all due to maxruntime exceeded 10 seconds (incomplete) 0 bytes
The blacklisting could have been because of this one-time malicious redirect:
-http://shdgul.xtraliteroofsystems.co.uk/pr/scrp.php via a hidden iFrame hack

pol
« Last Edit: November 05, 2011, 03:35:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

DavidR
Re: Site blacklisted but has it malcode on it?
« Reply #1 on: November 05, 2011, 05:44:18 PM »
Blacklisted by who?

Many blacklists are of historic data and are slow to remove from a blacklist.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

polonus
Re: Site blacklisted but has it malcode on it?
« Reply #2 on: November 05, 2011, 10:12:08 PM »
Hi DavidR,

I checked this because I found it mentioned on a recent VirusWatch migration listing. That was from yesterday.

The malware landscape is an ever-changing one. After reading the book Innocent Code recently, I became further convinced that the web has an innumerable number of vulnerable sites on it (meaning there is no scientific method to tackle this problem profoundly). So there is an enormous amount of scanning going on, together with the know-how that brings, to make users more aware of the threats out there and help them towards better protection. But we still have a long, long way to go. I think it makes sense, else I would not be doing this here.

Then I have to say there is not an online scanner out there, and there is a large range of them, that will give the ultimate final results. You have to combine the results of various scanners and sometimes have to go and have a look at the code itself residing there to give a reliable verdict of the actual situation and what might be out there.

Blacklists and web rep lists are hopeless resources i.m.h.o. Just look here.
Well, I compared these two lists and they come up with different results:
http://www.checksitesafe.com/site/xtraliteroofsystems.co.uk
This gives you 40 points more: http://www.webutation.net/go/review/xtraliteroofsystems.co.uk

I know that site has Joomla on it and therefore it is prone to Joomla vulnerabilities.

polonus
« Last Edit: November 05, 2011, 10:14:39 PM by polonus »

Left123
Re: Site blacklisted but has it malcode on it?
« Reply #3 on: November 05, 2011, 10:38:11 PM »
Hi DavidR,

You have to combine the results of various scanners and sometimes have to go and have a look at the code itself residing there to give a reliable verdict of the actual situation and what might be out there.

polonus

So true. We need an online (literally) service which is able AT LEAST to check for code changes etc.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus