Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Infected javascript undetected?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Infected javascript undetected? (Read 1631 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Infected javascript undetected?
«
on:
February 05, 2012, 06:33:13 PM »
This is the url scan at VT:
https://www.virustotal.com/url/acdc0c4b4bfcccf522501ba4685fd93c3ff03c83bbdf033fb071b1903f10e105/analysis/1328461510/
Here the script flagged at unmasked parasites:
http://www.UnmaskParasites.com/security-report/?page=zavesata.com/page.php%3F158%3Ascript11%3D
Given clean:
http://siteinspector.comodo.com/public/reports/228166
No alerts at urlquery.net:
http://urlquery.net/report.php?id=19241
Suspicious at wepawet:
http://wepawet.iseclab.org/view.php?hash=a5308ea80bc71e943af34a21c947ae51&t=1328462395&type=js
Trojan downloader not detected by avast? re:
http://vscan.urlvoid.com/analysis/4c684bd1136f332144cbfe96101352dc/cGFnZS1waHA=/
DrWeb url scanner detects: -http://zavesata.com/page.php?158:script11=/JSTAG_2[7a29][dce] infected with VBS.Psyme.377
Bitdefender TrafficLight also flags the site as malware site.
reported to virus AT avast dot com,
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
!Donovan
Web Analyst
Avast Evangelist
Super Poster
Posts: 2219
Re: Infected javascript undetected?
«
Reply #1 on:
February 05, 2012, 06:48:56 PM »
The PHP page is very nasty indeed, Polonus.
I'll PM you about what I found, it can't be discussed here.
Logged
Familiarize Yourself!
|
Educate Yourself!
|
Beautify Yourself!
|
Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Re: Infected javascript undetected?
«
Reply #2 on:
February 05, 2012, 09:29:05 PM »
Hi Donovansrb10,
No, we won't touch any details of this, but generally a few remarks on this redirecting malcode.
This is a variant on the so-called Media Temple Malware Issue. The method has been with us for quite some time now. Those redirecting domains, encoded inside a JS file, may differ. Also the methods have become more and more refined. See malware description here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanClicker%3AJS%2FIframe.F&ThreatID=-2147335922
Well the suspicious obfuscated inline script pattern should stand out for detection and avast webshield should detect this really as JS:Downloader-IR[Trj]. About plug-in vulnerability on this site, see:
http://e107.org/e107_plugins/forum/forum_viewtopic.php?139119
(link source = e107 Content managment system forum, and post author = CSDave),
polonus
«
Last Edit: February 06, 2012, 01:19:08 AM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Infected javascript undetected?