Author Topic: malware site?  (Read 1957 times)

0 Members and 1 Guest are viewing this topic.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32708
  • malware fighter
Re: malware site?
« Reply #1 on: May 28, 2012, 05:39:48 PM »
Malicious Obfuscated content found for that URL
Obfuscation could be de-obfuscated  as: "document.write('<a href=\"mailto:webcontactATsocialcam dot com\">Email Us<\/a>');"   

polonus   
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: malware site?
« Reply #2 on: May 28, 2012, 05:49:17 PM »
So any kind of obfuscated content will alert Zulu's Scanner?
Quote: "Malicious Obfuscated content found"


Also, if the webmaster wanted to prevent his email from being harvested, he could've used &#64; which decodes to @
Resource: http://www.asciitable.com/index/asciifull.gif
« Last Edit: May 28, 2012, 05:51:12 PM by !Donovan »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32708
  • malware fighter
Re: malware site?
« Reply #3 on: May 28, 2012, 05:52:12 PM »
Hi !Donovan,

For me it is just also a foolproof anti-spam measure, but it can also be used reversely,
eset detected cache poised for that site...
Conditional compilation used here to sniff: /*@cc_on!@*/ false
The alternative would naturally be: var isMSIE = /*@cc_on!@*/!1;

polonus
« Last Edit: May 28, 2012, 06:24:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36750
« Last Edit: May 28, 2012, 06:27:55 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32708
  • malware fighter
Re: malware site?
« Reply #5 on: May 28, 2012, 06:30:58 PM »
Hi Pondus & !Donovan,

That means that the Zcaler flag is because of the inline script flagged by Google Safebrowsing, but I think that was just obfuscation taken as a potential XSS problem, see: htxp://apidock.com/rails/ActionView/Helpers/UrlHelper/mail_to#355-Javascript-encoding-DOES-work- (poster Bounga on Flowdock blog gives the same encoded script). So I would say, verdict: false positive,

polonus
« Last Edit: May 28, 2012, 06:51:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!