Author Topic: WEEBLY websites related as virus!  (Read 11695 times)

0 Members and 1 Guest are viewing this topic.

lauter.linux

  • Guest
WEEBLY websites related as virus!
« on: May 10, 2012, 05:45:32 AM »
hi,

we have our website developed and hosted with weebly (http://weebly.com).
last week, avast users reported a message of malicious url (URL:MAL).

i saw that it's not happening only with our website, but i found another weebly based website with the same problem.
i tryed to add an exception in avast configuration, but it's not possible because the 'network module' does't give the possibility to any configuration.

i belive that's nothing wrong with our website.
if it is, how could I know what is happening?
anyone have any idea about how could I solve this problem?

our websites are:
http://faculdade--------.weebly.com (reported with URL:MAL)
http://portal---.weebly.com (is part of the same website, but this address is OK)
http://---sb.weebly.com (another website with the same problem)

thanks in advance,

lauter.linux
« Last Edit: May 10, 2012, 02:03:25 PM by lauter.linux »

Offline AntiVirusASeT

  • Poster
  • *
  • Posts: 462
Re: WEEBLY websites related as virus!
« Reply #1 on: May 10, 2012, 06:05:48 AM »
please remove link to ur websites in case it is indeed infected.

wait for other users to post their findings
« Last Edit: May 10, 2012, 06:53:53 AM by AntiVirusASeT »

Offline AntiVirusASeT

  • Poster
  • *
  • Posts: 462
Re: WEEBLY websites related as virus!
« Reply #2 on: May 10, 2012, 06:53:15 AM »
for weeby: http://zulu.zscaler.com/submission/show/c9c80e511e59806568d623e9d5ccb971-1336622806 (suspicious)
                  http://www.urlvoid.com/scan/weebly.com/ (detected 3/24)
                  http://sitecheck.sucuri.net/results/weebly.com/ (not detected)
                  https://www.virustotal.com/file/7634d68f460b10c7253fdb0b2cbb5007bb68e16ca4afc5f3a96d4ee4438faddc/analysis/1336623022/
                  BrightCloud analysis (96/100 reputation)

for hxxp://faculdadepioneira.weebly.com/: http://zulu.zscaler.com/submission/show/08c28a1b8b3ce225fff44f60a89ef5a5-1336623932 (suspicious)
                                                                    http://sitecheck.sucuri.net/results/faculdadepioneira.weebly.com/ (not detected)
                                                                    http://www.urlvoid.com/scan/faculdadepioneira.weebly.com/ (detected 1/31)
https://www.virustotal.com/file/8852e2f16018b2359ada7e21db4d575d715c5f8f8f47eb9498618af5d39f33ce/analysis/1336624130/
                                                                    BrightCloud analysis (96/100 reputation)

for hxxp://cbpsb.weebly.com/: http://zulu.zscaler.com/submission/show/8bed61462af4d611daa006223318b53d-1336625252 (suspicious)
                                                 http://sitecheck.sucuri.net/results/cbpsb.weebly.com/ (not detected)
                                                 http://www.urlvoid.com/scan/cbpsb.weebly.com/ (detected 1/31)
                                                 BrightCloud analysis (96/100 reputation)
https://www.virustotal.com/file/8cf18e230b2022ce3c530d2c714fdcc2d07423e1f09bd7f0a8c79579f8f82184/analysis/1336625462/

note that i am providing infomation on third party automated risk assessment of these websites. i am not saying if they are infected or not.
please wait for more experienced forum members to help u.
« Last Edit: May 10, 2012, 06:59:25 AM by AntiVirusASeT »

lauter.linux

  • Guest
Re: WEEBLY websites related as virus!
« Reply #3 on: May 10, 2012, 02:18:04 PM »
thanks for your post.

according with http://www.urlvoid.com, weebly.com have some subdomains infected with viruses.

the problem is that they have a huge number of subdomains. in fact they sell website hosting and development tools for anyone using their subdomains. other subdomains are not related with my website. but, if I understool correctly, my website have been acused as infected because of that.

i cannot understand why it does not occurs with ALL weebly subdomains, just with some of them.
it's also hard to belive that my website is really infected, because it was developed online, throught the weebly tool for making sites. there is no FTP access or something like that... and no direct code editing.

i really believe it's a false positive.
that is a big trouble for me, because right now no one user with avast can access our website.

i'll be thankfull for any help.

lauter.linux

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: WEEBLY websites related as virus!
« Reply #4 on: May 10, 2012, 11:03:51 PM »
Bonjour mes amis!

http://www.avgthreatlabs.com/sitereports/domain/cbpsb.weebly.com/ is misleading in every aspect.
First of all, it is checking Weebly.com, not the sub-domain. As one of the comments state, you can create a website full of viruses if you wanted too. That's why you don't allow the whole domain of weebly for NoScript. The sub-domain of a site you know is 100% clean would be more efficient.


HOWEVER, the IP address your URL has contains various malicious sites. 8 in total. See: http://www.urlvoid.com/ip/199.34.228.106/
Also: http://www.ipvoid.com/scan/199.34.228.106
Thus, your IP is treated as suspicious and avast! is preventing you from visiting your domain.


You can try to report your site here: http://www.avast.com/contact-form.php?loadStyles to see if they will remove IP block.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Weebly-Dustin

  • Guest
Re: WEEBLY websites related as virus!
« Reply #5 on: May 17, 2012, 01:21:55 AM »
Hi lauter.linux,

I'm part of the team in charge of reducing spam and abuse on Weebly's network. We agree that this block from Avast is a false-positive, and have contacted them to remove it. We have not yet heard back from them. We're really sorry about this, and we hope to have it resolved soon.

Thanks,
Dustin

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: WEEBLY websites related as virus!
« Reply #6 on: May 17, 2012, 02:14:43 AM »
Hi Dustin,

I'm given over 100 malicious elements for the IP from 2010-2012.

There's still one infected domain on 199.34.228.106. The potential malware's been up for over 1061 hours!
hXtp://viewonlines.weebly.com/
https://www.virustotal.com/file/08b56bb6d371682aa6e52952d39555fe0616ac24977cbfd9363fe15fdf285f02/analysis/
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Weebly-Dustin

  • Guest
Re: WEEBLY websites related as virus!
« Reply #7 on: May 17, 2012, 03:31:10 AM »
Hi Dustin,

I'm given over 100 malicious elements for the IP from 2010-2012.

There's still one infected domain on 199.34.228.106. The potential malware's been up for over 1061 hours!
hXtp://viewonlines.weebly.com/
https://www.virustotal.com/file/08b56bb6d371682aa6e52952d39555fe0616ac24977cbfd9363fe15fdf285f02/analysis/

Hi Donovan,

Thanks for replying. The site you've listed has been removed from our service since 2012-04-30 16:36:54. As we're a hosting service, it's not out of the question that some folks occasionally attempt to utilize us for abusive purposes. However, we take a very serious stance on anti-spam and anti-abuse, and these sites are often removed quickly (before users even see it), or immediately once reported to us.

If there's a specific valid threat that's preventing this block from being removed, please let us know. Otherwise, we've still received no feedback to justify this block.

Thanks,
Dustin