Author Topic: FP on CyanogenMod forum?  (Read 3865 times)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
FP on CyanogenMod forum?
« on: January 12, 2012, 09:02:51 PM »
http://forum.cyanogenmod.com/topic/39846-malware-warning-when-visiting-this-site
http://forum.cyanogenmod.com/topic/39873-trojan-in-forum
http://forum.cyanogenmod.com/topic/39973-does-this-forum-have-a-virus

Can you please verify the links mentioned in these threads? The administrator is assuring me that there was malicious code there but it isn't anymore. But I'm not sure if he is correct. Detections are not from Network Shield but they are coming from Script Shield and Web Shield.
Though detected files are a bit strange. PNGs can't be malware...
Visit my webpage Angry Sheep Blog

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: FP on CyanogenMod forum?
« Reply #1 on: January 12, 2012, 09:15:06 PM »
Sucuri says: Domain blacklisted on the Opera browser (via AVG): forum.cyanogenmod.com
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0


Offline RejZoR

Re: FP on CyanogenMod forum?
« Reply #3 on: January 12, 2012, 09:21:58 PM »
Well, if you look at the detection name, it's not anything related to PNG malware. It's JS:redirector. That can't be right or I'm just missing something here.

Offline Asyn

Re: FP on CyanogenMod forum?
« Reply #4 on: January 12, 2012, 09:25:34 PM »
Quote from: RejZoR
Well, if you look at the detection name, it's not anything related to PNG malware. It's JS:redirector. That can't be right or I'm just missing something here.

All your links give no alert here. So which alert do you get..??

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37584
  • Not a avast user
Re: FP on CyanogenMod forum?
« Reply #5 on: January 12, 2012, 09:33:53 PM »
Quote from: RejZoR
Well, if you look at the detection name, it's not anything related to PNG malware. It's JS:redirector. That can't be right or I'm just missing something here.

from link posted above

Quote
"Users may follow the instructions in the .PNG and save the file as a bitmap (.BMP) with the .HTA extension.
It is [now clear that the] decompressed file contains an image, some JavaScript and one or more executable files."

Offline RejZoR

Re: FP on CyanogenMod forum?
« Reply #6 on: January 12, 2012, 09:55:14 PM »
I'm currently on a system with Kaspersky, but it's also giving me alerts.

So basically, if I understand this right, there is malicious data encoded inside the PNG. The administrator there is saying to me that avast! is detecting files that aren't there anymore. I find that impossible. Web Shield cannot scan and detect nonexistent files. They have to be there to be scanned and detected.

Offline Asyn

Re: FP on CyanogenMod forum?
« Reply #7 on: January 12, 2012, 10:02:01 PM »
Quote from: RejZoR
I'm currently on a system with Kaspersky, but it's also giving me alerts.

What do you mean with also..??
As said, avast! doesn't alert on your links. (See Reply #4)

Offline Pondus

Re: FP on CyanogenMod forum?
« Reply #8 on: January 13, 2012, 12:02:32 AM »
Quote
Though detected files are a bit strange. PNG's can't be malware...
  ;)


Sophos lab
Quote
Hello,

 Thank you for contacting Sophos Technical Support.

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.

av-206846.png -- identity created/updated (New detection Troj/ObfJs-AV)


Norman lab
Quote
av-206846.png : Processed - JS/Redir.GO


Avira lab
Quote
The file 'av-206846.png' has been determined to be 'MALWARE'. Our analysts named the threat JS/IFrame.IM. The term "JS/" denotes a Java script virus. Detection will be added to our virus definition file (VDF) with one of the next updates.




« Last Edit: January 13, 2012, 11:15:41 AM by Pondus »
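
Added example, not part of the original thread or any vendor's code: the labs above classify a file named `.png` under JS/ detection names, which is what a scanner reports when it judges the bytes rather than the extension. The sketch below triages such a file by checking the PNG signature, walking the chunks, and flagging data after `IEND` or script-like markers. The marker list, function names and sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Heuristic markers chosen for this example (an assumption, not a vendor signature).
SCRIPT_MARKERS = (b"<script", b"<iframe", b"document.write", b"eval(", b"unescape(")


def triage_png(data: bytes) -> list:
    """Return findings for a file that was served under a .png name."""
    lowered = data.lower()
    hits = [m.decode() for m in SCRIPT_MARKERS if m in lowered]
    findings = ["script markers: " + ", ".join(hits)] if hits else []
    if not data.startswith(PNG_MAGIC):
        return findings + ["not a PNG: signature missing"]
    pos, seen_iend = len(PNG_MAGIC), False
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return findings + ["truncated chunk " + ctype.decode("latin-1")]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:
            findings.append("bad CRC in chunk " + ctype.decode("latin-1"))
        pos = end
        if ctype == b"IEND":
            seen_iend = True
            break
    if not seen_iend:
        findings.append("no IEND chunk")
    elif pos < len(data):
        findings.append(f"{len(data) - pos} bytes after IEND")
    return findings


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk (length, type, body, CRC-32) for the constructed samples."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


# Constructed samples: a minimal 1x1 greyscale PNG, the same image with markup
# appended after IEND, and a script that merely carries a .png name.
CLEAN = (PNG_MAGIC + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
APPENDED = CLEAN + b"<iframe src='http://placeholder.invalid/'></iframe>"
RENAMED = b"document.write('<iframe src=http://placeholder.invalid/>');"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("appended", APPENDED), ("renamed", RENAMED)):
        print(name, triage_png(blob))
```

An empty result only means none of these checks fired; it is not a verdict that the file is clean.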