Author Topic: www.flightstats.com website trojan? (Read 4227 times)

rubybear · « **on:** November 26, 2011, 07:56:26 AM »

Avast! just blocked the travelers information website xww.flightstats.com, saying it is a Trojan Horse. I've been to this website many times in the past, so I'm wondering if it is either a false positive, or has the website actually been hijacked by a trojan?

mikaelrask · « **Reply #1 on:** November 26, 2011, 08:51:23 AM »

hey and welcome to the forum based on the result from the virustotal result i would say its a false threat:

http://www.virustotal.com/url-scan/report.html?id=be0873f7335ebec440adfa21924b3261-1304223613.

you could submit that to avast so they chance this.

fallow this instructions:

http://www.avast.com/contact-form.php?loadStyles

good luck

DavidR · « **Reply #2 on:** November 26, 2011, 02:01:21 PM »

Quote from: rubybear on November 26, 2011, 07:56:26 AM

Avast! just blocked the travelers information website xww.flightstats.com, saying it is a Trojan Horse. I've been to this website many times in the past, so I'm wondering if it is either a false positive, or has the website actually been hijacked by a trojan?

I have just visited the site (using firefox 8.0) and no alerts by avast, ensure that you have the latest virus definitions.

polonus · « **Reply #3 on:** November 26, 2011, 06:05:51 PM »

Seems to be OK according to: http://urlquery.net/report.php?id=9659

Analyzing the javascript there, I get these issues: -partner.googleadservices.com/gampad/service.js suspicious
[suspicious:2] (ipaddr:72.14.204.164) (script) -partner.googleadservices.com/gampad/service.js
status: (referer=-www.flightstats.com/go/Home/home.do)saved 5175 bytes 6dd283cf6a29dba6a5ad64c6aad86ebe35dfed3b
info: [javascript variable] URL=
info: [decodingLevel=0] found JavaScript
info: [decodingLevel=1] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
and here:
-www.plaxo.com/events?link= benign
[nothing detected] (jsvar) -www.plaxo.com/events?link=
status: (referer=-www.flightstats.com/go/jawr/1752544278/bundles/commonBundle.js)
Found up as Phishing in a listing via clean-mx 20090623-028990

polonus

rubybear · « **Reply #4 on:** November 27, 2011, 06:04:26 AM »

Thanks for the replies. I just went to the website again tonight, and it loaded fine, no problems. Not sure why Avast tagged it as a trojan last night. I didn't type in the website, I clicked on a link in my favorites, so it wasn't a typo on my part.

Oh well, as long as all is well now, I'm not going to report it as a false positive. I don't really know what happened...

DavidR · « **Reply #5 on:** November 27, 2011, 01:04:47 PM »

You're welcome.

The main thing is its resolved (so reporting as possible FP wouldn't find anything fi whatever it was is no longer detected).

Author Topic: www.flightstats.com website trojan? (Read 4227 times)

rubybear

www.flightstats.com website trojan?

mikaelrask

Re: www.flightstats.com website trojan?

DavidR

Re: www.flightstats.com website trojan?

polonus

Re: www.flightstats.com website trojan?

rubybear

Re: www.flightstats.com website trojan?

DavidR

Re: www.flightstats.com website trojan?