See: http://urlquery.net/report.php?id=16218
Avast webshield blocks the user from going there because of a trojan called JS:Redirector-KP[Trj]
See malware being logged here: http://sakrare.ikyon.se/log.php?id=22748
polonus
yepp, sure does
Why does Comodo say TestSignature?
Wepawet
http://wepawet.iseclab.org/view.php?hash=ba91a2a5a123de58877badcb72af1998&t=1326663987&type=js
The Web Shield is actually the only one that catches things for me. Nothing ever gets as far where it would be detected by the file shield. The autosandbox has triggered a few times but only for unknown things that were actually safe. I would have to say that yes, the Avast Web Shield is in fact, great.
Hi Pondus,
Why? Good question, my friend. A heuristic find, and in the logs you read that it does not have any reliable address for “Moved Permanently”,
see the code-link I give here for the offensive URL logged and look it up:
see: -http://jsunpack.jeek.org/?report=f4dffa024dd81d6cc9a133a59fe86394753e682a
Link given only for the security savvy, with ample script protection active and in a VM,
also consider this info: http://google.com/safebrowsing/diagnostic?site=mahasiddhatrading.com/
Again, Pondus, with your intriguing questions you have led polonus again to interesting additional background info for this malware, well done,
In the wepawet analysis the red link to: -http://android.womenthemanual.com/count
(the link that was not moved permanently, but actually “hidden” in clear sight
if we had looked a little closer. Good find, Pondus!!!)
Avast webshield flags that URL as infected with JS:Redirector-KP[Trj] as well…
Link is suspicious and was found by DrWeb’s URL checker when scanned
DrWeb purples it as being suspicious:
Checking: =http://wepawet.iseclab.org/view.php?type=js&hash=47735c2c8ffe3d1ce195510427139efc&t=1325777340
Engine version: 7.0.0.11250
Total virus-finding records: 2538276
File size: 67.55 KB
File MD5: bd2bf93c9859bc264df45b3154829811
=-http://wepawet.iseclab.org/view.php?type=js&hash=47735c2c8ffe3d1ce195510427139efc&t=1325777340 probably infected with SCRIPT.Virus
=-http://wepawet.iseclab.org/view.php?type=js&hash=47735c2c8ffe3d1ce195510427139efc&t=1325777340 - archive JS-HTML
=-http://wepawet.iseclab.org/view.php?type=js&hash=47735c2c8ffe3d1ce195510427139efc&t=1325777340/JSTAG_1[10cc4][db] - Ok
=-http://wepawet.iseclab.org/view.php?type=js&hash=47735c2c8ffe3d1ce195510427139efc&t=1325777340/JSTAG_2[10dc9][52] - Ok
So the wepawet analysis should also be used with appropriate protection measures in place…
pol