Avast community forum
Again the fabulous webshield to protect us: Threat detected!
Topic: Again the fabulous webshield to protect us: Threat detected! (Read 2656 times)
polonus
Avast Überevangelist
Probably Bot
Posts: 33921
malware fighter
Again the fabulous webshield to protect us: Threat detected!
« on: December 06, 2011, 04:40:16 PM »
Trying to go to this malware site: -http://fragarena.com.br/list.txt
Naturally you have the avast webshield up, and as a user you are immediately blocked from even connecting out there:
PHP:Agent-Z [Trj] detected.
See:
http://www.virustotal.com/url-scan/report.html?id=9a948c119f7608bac074fbc7f820bb01-1323181498
See:
http://www.virustotal.com/file-scan/report.html?id=8871737c0b2892dce267e1854751a984362a0e625fb894e8d663df1bd643670a-1323185277
Avast also neatly detects this PHP_CHAPLOIT.SMM malware as PHP:Agent-Z [Trj]
OK, for the notorious virus hunters among us, it was found in jsunpack list 4
(do not venture out there if not security savvy enough)
polonus
« Last Edit: December 06, 2011, 04:43:43 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
!Donovan
Web Analyst
Avast Evangelist
Super Poster
Posts: 2219
Re: Again the fabulous webshield to protect us: Threat detected!
« Reply #1 on: December 07, 2011, 02:28:21 AM »
Studying the code, it uses a backtool action?
Why would they name the exploit backtool?
Also, it appears that this code calls the command prompt?
To think a website can call the command prompt.
Good thing it was detected by avast!
See attached.
« Last Edit: December 07, 2011, 02:40:39 AM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
!Donovan
Web Analyst
Avast Evangelist
Super Poster
Posts: 2219
Re: Again the fabulous webshield to protect us: Threat detected!
« Reply #2 on: December 07, 2011, 11:46:56 PM »
All links are broken, so this coding probably wouldn't function correctly. Nice catch by avast!, though.
And...
Code:
/* Parte Atualiza 02:48 12/2/2006 */
Plus attached. Recolored for fun.
« Last Edit: December 07, 2011, 11:48:32 PM by Donovansrb10 »
polonus
Avast Überevangelist
Probably Bot
Posts: 33921
malware fighter
Re: Again the fabulous webshield to protect us: Threat detected!
« Reply #3 on: December 07, 2011, 11:51:29 PM »
Hi Donovansrb10,
Thanks for explaining this malcode injection for us,
and good avast is protecting the users against it,
polonus