Author Topic: URL protection not working ?  (Read 7243 times)

0 Members and 1 Guest are viewing this topic.

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #15 on: April 18, 2012, 08:52:15 PM »
I have default actions, have not edited anything.

- Which avast!..?? (Free/Pro/IS)
- Which version..??
- OS..?? (32/64 Bit..? - which SP..?)

Avast 7.0.1426 Free
Windows 7 Pro 64bit

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #16 on: April 18, 2012, 08:55:44 PM »
I have default actions, have not edited anything.

- Which avast!..?? (Free/Pro/IS)
- Which version..??
- OS..?? (32/64 Bit..? - which SP..?)

Avast 7.0.1426 Free
Windows 7 Pro 64bit

OK, thanks. I'll try to get someone from the viruslab to take a look at this thread.

Edit: Outdated Java.
« Last Edit: April 18, 2012, 09:35:39 PM by Asyn »
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: URL protection not working ?
« Reply #17 on: April 18, 2012, 08:57:00 PM »
well, this is what wepawet say
http://wepawet.iseclab.org/view.php?hash=9e8b06dbe3a981b01e494e2950aa2d60&t=1334773515&type=js


Text Form of Oracle Java SE Critical Patch Update - February 2012 Risk Matrices
http://www.oracle.com/technetwork/topics/security/javacpufeb2012verbose-366319.html

Quote
CVE-2012-0507

   Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are 7 Update 2 and before, 6 Update 30 and before and 5.0 Update 33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.

Note: Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]

ESET Threat Blog - Blackhole, CVE-2012-0507 and Carberp
http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp



so is your java updated ?



« Last Edit: April 18, 2012, 09:05:13 PM by Pondus »

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #18 on: April 18, 2012, 09:07:20 PM »
Does the PRO version has a better web shield or if i've infected with free, i would be with Pro as well ?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #19 on: April 18, 2012, 09:09:30 PM »
Does the PRO version has a better web shield or if i've infected with free, i would be with Pro as well ?

WS is the same in all products.
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #20 on: April 18, 2012, 09:15:05 PM »
well, this is what wepawet say
http://wepawet.iseclab.org/view.php?hash=9e8b06dbe3a981b01e494e2950aa2d60&t=1334773515&type=js


Text Form of Oracle Java SE Critical Patch Update - February 2012 Risk Matrices
http://www.oracle.com/technetwork/topics/security/javacpufeb2012verbose-366319.html

Quote
CVE-2012-0507

   Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are 7 Update 2 and before, 6 Update 30 and before and 5.0 Update 33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.

Note: Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]

ESET Threat Blog - Blackhole, CVE-2012-0507 and Carberp
http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp



so is your java updated ?

No, my Java was not really updated. I've just updated, maybe this is the cause of the infection ?


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: URL protection not working ?
« Reply #21 on: April 18, 2012, 09:22:18 PM »
well it is a java exploit...so when you patch/update the exploit wont work, even if not detected.....so updating give you extra protection   ;)
there is lots of smart people out there that turn off windows update  ::)

check with secunia online scan to see if you have more that need update    http://secunia.com/products/consumer/osi/online/
« Last Edit: April 18, 2012, 09:23:49 PM by Pondus »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #22 on: April 18, 2012, 09:24:58 PM »
No, my Java was not really updated.

 :o ::)
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #23 on: April 18, 2012, 09:28:43 PM »
well it is a java exploit...so when you patch/update the exploit wont work, even if not detected.....so updating give you extra protection   ;)
there is lots of smart people out there that turn off windows update  ::)

check with secunia online scan to see if you have more that need update    http://secunia.com/products/consumer/osi/online/

To make sure the problem was the outdated java, i would have to navigate to the site again... but i'm tired to clean up the virus, won't do it by now ...

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #24 on: April 18, 2012, 09:54:12 PM »
well it is a java exploit...so when you patch/update the exploit wont work, even if not detected.....so updating give you extra protection   ;)
there is lots of smart people out there that turn off windows update  ::)

check with secunia online scan to see if you have more that need update    http://secunia.com/products/consumer/osi/online/

To make sure the problem was the outdated java, i would have to navigate to the site again... but i'm tired to clean up the virus, won't do it by now ...

Ok, i could not help the curiosity, so i navigate to the site.

And BINGO, i'm not infected anymore, after update java. It seems this was the cause of the problem.

I will do more tests.

Thanks for the information !

I'm a software developer and for years i runned away from anti-virus because they always slow down the computer. Unhappy it seems nowadays is impossible to live without one , so last month i started to use Avast.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #25 on: April 18, 2012, 09:59:19 PM »
well it is a java exploit...so when you patch/update the exploit wont work, even if not detected.....so updating give you extra protection   ;)
there is lots of smart people out there that turn off windows update  ::)

check with secunia online scan to see if you have more that need update    http://secunia.com/products/consumer/osi/online/

To make sure the problem was the outdated java, i would have to navigate to the site again... but i'm tired to clean up the virus, won't do it by now ...

Ok, i could not help the curiosity, so i navigate to the site.

And BINGO, i'm not infected anymore, after update java. It seems this was the cause of the problem.

I will do more tests.

Thanks for the information !

I'm a software developer and for years i runned away from anti-virus because they always slow down the computer. Unhappy it seems nowadays is impossible to live without one , so last month i started to use Avast.

It's vital to keep your OS and other software udated...!!!!!!! ;)
Else no AV can protect you. :P
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #26 on: April 18, 2012, 10:01:32 PM »
well it is a java exploit...so when you patch/update the exploit wont work, even if not detected.....so updating give you extra protection   ;)
there is lots of smart people out there that turn off windows update  ::)

check with secunia online scan to see if you have more that need update    http://secunia.com/products/consumer/osi/online/

To make sure the problem was the outdated java, i would have to navigate to the site again... but i'm tired to clean up the virus, won't do it by now ...

Ok, i could not help the curiosity, so i navigate to the site.

And BINGO, i'm not infected anymore, after update java. It seems this was the cause of the problem.

I will do more tests.

Thanks for the information !

I'm a software developer and for years i runned away from anti-virus because they always slow down the computer. Unhappy it seems nowadays is impossible to live without one , so last month i started to use Avast.

It's vital to keep your OS and other software udated...!!!!!!! ;)
Else no AV can protect you. :P

Yep, i know, i do a Windows Update everyday. Somehow my Java Update was turned off, don't know why.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: URL protection not working ?
« Reply #27 on: April 18, 2012, 10:47:57 PM »
Here avast Web Shield is flagging JS:Redirector-OM[Trj]

wXw.phabrica.com.br/wp-content/themes/Phabrica/epanel/shortcodes/js/frontend.js?ver=1.6 benign
[nothing detected] (script) wXw.phabrica.com.br/wp-content/themes/Phabrica/epanel/shortcodes/js/frontend.js?ver=1.6
     status: (referer=wXw.phabrica.com.br/wp-content/themes/Phabrica/js/superfish.js|)saved 9793 bytes 02a654b972e328d7d71dacd9dfc85505ee154e6c
     info: [decodingLevel=0] found JavaScript
     suspicious but I see a HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8  according to http://urlquery.net/report.php?id=44009
But here we see it all: http://sitecheck.sucuri.net/results/http://www.phabrica.com.br
malware found on javascript : http://sucuri.net/malware/malware-entry-mwjs69693  various instances
and hidden iframes various instances: http://sucuri.net/malware/entry/MW:IFRAME:HD202
and javascript included from a blacklisted domain: http://sucuri.net/malware/entry/MW:BLK:2

So malware galore and site probably hacked via PHP plug-in/theme,

polonus
« Last Edit: April 18, 2012, 10:50:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #28 on: April 18, 2012, 11:35:28 PM »
Here avast Web Shield is flagging JS:Redirector-OM[Trj]

wXw.phabrica.com.br/wp-content/themes/Phabrica/epanel/shortcodes/js/frontend.js?ver=1.6 benign
[nothing detected] (script) wXw.phabrica.com.br/wp-content/themes/Phabrica/epanel/shortcodes/js/frontend.js?ver=1.6
     status: (referer=wXw.phabrica.com.br/wp-content/themes/Phabrica/js/superfish.js|)saved 9793 bytes 02a654b972e328d7d71dacd9dfc85505ee154e6c
     info: [decodingLevel=0] found JavaScript
     suspicious but I see a HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8  according to http://urlquery.net/report.php?id=44009
But here we see it all: http://sitecheck.sucuri.net/results/http://www.phabrica.com.br
malware found on javascript : http://sucuri.net/malware/malware-entry-mwjs69693  various instances
and hidden iframes various instances: http://sucuri.net/malware/entry/MW:IFRAME:HD202
and javascript included from a blacklisted domain: http://sucuri.net/malware/entry/MW:BLK:2

So malware galore and site probably hacked via PHP plug-in/theme,

polonus

Thank you for the info ; after update java i'm no more being infected by this site.