Topic: Again the avast webshield to save us - alerts JS:Agent-PG[Trj]

polonus
Again the avast webshield to save us - alerts JS:Agent-PG[Trj]
« on: December 16, 2011, 03:41:01 PM »
Hi forum friends,

Polonus scanned this site: http://www.virustotal.com/url-scan/report.html?id=b4de24d155b0afe2d0543ae84f677bb8-1324041574  which has "mdl_Blackhole exploit kit to unknown_html_RFI" on it, and this malcode is not detected here: http://www.virustotal.com/file-scan/report.html?id=bcbc52b4b944ed2897109e1ab7dc0586ceb407f5bcce0bdf97dba972b1df4362-1324045317
and here: http://vscan.urlvoid.com/analysis/e4efd915d4a00c3b416c5994b964fd5b/bWFpbi1waHA=/
But it does not go under the avast webshield radar, because when I scan at urlquery.net, where it is being detected as malicious - http://urlquery.net/report.php?id=12183
avast webshield disconnects me and detects the threat there as JS:Agent[Trj]. Well done!!
So remember, folks, keep the avast network shield and webshield up and running, they are very vital to your online protection!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Pondus
Re: Again the avast webshield to save us - alerts JS:Agent-PG[Trj]
« Reply #1 on: December 16, 2011, 04:05:39 PM »
Sucuri says: Site blacklisted, malware not identified

Wepawet - Malicious - Help Center URL Validation Vulnerability   CVE-2010-1885
http://wepawet.iseclab.org/view.php?hash=b4de24d155b0afe2d0543ae84f677bb8&t=1324047858&type=js


urlQuery says: Detected Blackhole exploit kit v1.2 HTTP GET request

jsunpack says: malicious


VirusTotal
http://www.virustotal.com/file-scan/report.html?id=d36f7ebf276888480cbf20a2f46b4141e41fce38cace03add13576d5b7473b92-1324048144

« Last Edit: December 16, 2011, 04:25:49 PM by Pondus »