Topic: IDS flags Blackhole on site, others give clean....avast webshield protects

Offline polonus

Hi forum friends,

See: http://zulu.zscaler.com/submission/show/a85c1235f6198e18d8c64d3665d103bd-1337118425 a green 15/100 benign (reported there)
http://urlquery.net/report.php?id=55898 flags ET CURRENT_EVENTS Blackhole Landing for prototype catch substr
Discussion of the mentioned Emerging Threats sigs for ET CURRENT_EVENTS Possible Request for Blackhole Landing Page (class type: trojan-activity)
-> http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/16217 (rules given by Kevin Ross)
IDS rules can only be used as an additional form of protection and need a fully scaled JS interpreter installed as well next to it.
Malware is flagged as unknown_html_google_malware, but Google Safe Browsing now gives it as safe.

But the avast webshield flags this as JS:Blacole-K[Trj]
Again, my good forum friends, we are being protected here by the avast webshield!

polonus
« Last Edit: May 16, 2012, 01:10:50 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

Thanks for the heads up, Polonus :)
The best things in life are free.