Again the valuable avast! Webshield!

Only three av will detect (one of which is good old avast!): https://www.virustotal.com/nl/file/607255ccc56416deafe9d9029c7a8d0d9ff6b0fc07ba6e7ba2f9a04eec4708d4/analysis/
See: https://www.virustotal.com/nl/domain/lacusk.com/information/
and http://sitecheck.sucuri.net/results/lacusk.com/ as

and the misrepresentation from here: http://www.domaintuno.com/?
reported to WOT: domaintuno.com/d/lacusk.com?

polonus

Well here avast! Web Shield detects JS:Decode-BDD[Trj] →
Trustwave flags the site as having potential virus behavior, despite this: http://www.statscrop.com/www/napsugarpiheno.hu

pol

Only three av will detect (one of which is good old avast!)
well.... only fresh info is correct info ;) https://www.virustotal.com/nb/file/607255ccc56416deafe9d9029c7a8d0d9ff6b0fc07ba6e7ba2f9a04eec4708d4/analysis/1403126193/

there is also an infection in the js file
https://www.virustotal.com/nb/file/95dac0b1f4ec04ff35fd5100fe4ea26c13db626edaf0d2d9249a7c7e32054f7f/analysis/1403126629/

Killmalware http://killmalware.com/lacusk.com/

urlQuery http://urlquery.net/report.php?id=1403127074061

UP http://www.UnmaskParasites.com/security-report/?page=lacusk.com

Here avast! Web Shield detects JS:Iframe-DWL[Trj] → iframes found:
http://sitecheck.sucuri.net/results/choicesupports.org
Code: 302, htxp://jerezdeloscaballeros.org/ewsn.html?h=755681

Redirect to external server!
Excessive header info proliferation: apache/2.2.22 (unix) mod_ssl/2.2.22 openssl/0.9.8e-fips-rhel5 dav/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 frontpage/5.0.2.2635
This spreads excessive attack info globally and to potential attackers; read:
http://www.brianhaddock.com/2011/gaining-shell-access-via-local-file-inclusion-vulnerabilities
http://www.exploit-db.com/exploits/19713/

pol
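
The two findings in the sitecheck report above (a 302 to another host, and a Server banner that lists every module version) are exactly what a small response audit can pull out of raw headers. The following is an added example, not code from the original post or from any of the scanners linked here; the raw response is constructed to match the shape described above and is not a capture:

```python
import re
from urllib.parse import urlparse

# Constructed sample response (not a capture): a 302 off-site redirect plus a
# verbose Server banner of the kind quoted in the post. Hosts are the ones
# named in the post; everything else is made up for illustration.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Date: Thu, 19 Jun 2014 10:00:00 GMT\r\n"
    "Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 "
    "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635\r\n"
    "Location: http://jerezdeloscaballeros.org/ewsn.html?h=755681\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def products_from_server_banner(banner):
    """Turn 'Name/version (comment) Name/version ...' into (name, version) pairs.

    Parenthesised comments such as '(Unix)' are dropped; a bare product name
    (e.g. 'Apache' after `ServerTokens Prod`) yields an empty version string.
    """
    without_comments = re.sub(r"\([^)]*\)", " ", banner)
    pairs = []
    for token in without_comments.split():
        name, _, version = token.partition("/")
        pairs.append((name.lower(), version))
    return pairs


def external_redirect(status, headers, origin_host):
    """Return the target host if the response redirects to a different host, else None."""
    if status not in REDIRECT_CODES:
        return None
    target = urlparse(headers.get("location", ""))
    if target.hostname and target.hostname.lower() != origin_host.lower():
        return target.hostname
    return None


def audit(raw, origin_host):
    """Collect the two findings the post is about: off-site redirect and version leakage."""
    status, headers, _ = parse_response(raw)
    findings = []
    dest = external_redirect(status, headers, origin_host)
    if dest:
        findings.append(f"redirect to external host {dest}")
    versioned = [f"{n}/{v}" for n, v in products_from_server_banner(headers.get("server", "")) if v]
    if versioned:
        findings.append("server banner exposes versions: " + ", ".join(versioned))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE, "choicesupports.org"):
        print(finding)
```

On Apache the banner is trimmed to just "Apache" with `ServerTokens Prod` and `ServerSignature Off`; that removes the reconnaissance value but patches nothing, and note that on distribution builds such as the RHEL5 OpenSSL shown here the advertised version does not reliably reflect backported fixes, so a banner is a hint for an attacker, not proof of a vulnerable build.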

VirusTotal
https://www.virustotal.com/nb/file/7fa0eb609c6c31b2eade2a0ee01b5833414b847defeab4c6217ea683d0c45e7d/analysis/1403188205/

Hi Pondus,

According to Netcraft, the VirusTotal site is still vulnerable to Heartbleed: http://toolbar.netcraft.com/site_report?url=https://www.virustotal.com

The site offered the Heartbeat TLS extension prior to the Heartbleed disclosure. The extension is now disabled, but the server is still using the same certificate.
LastPass gives it clean, probably based on more recent information:
Site: www.virustotal.com
Server software: Google Frontend
Was vulnerable: Possibly (might use OpenSSL, but we can't tell)
SSL Certificate: The current cert appears to have been reissued recently, likely now safe (2 weeks ago)
Assessment: Certificate now looks safe, go ahead and change your password

polonus
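
Netcraft and LastPass disagree above because they apply the same rule to different data: a host that offered the heartbeat extension before the disclosure is treated as possibly compromised until its certificate has been reissued afterwards. The following is an added example of that decision logic, not code from either service or from the original post; the `openssl x509 -noout -dates` output is constructed and the dates are invented, not the real virustotal.com certificate. It also adds the check both services skip, whether the public key actually changed, since a certificate reissued on the old key is no safer than the old certificate.

```python
from datetime import datetime, timezone

# Public disclosure date of Heartbleed (CVE-2014-0160).
HEARTBLEED_DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed sample in the format printed by `openssl x509 -noout -dates`.
# Invented dates for illustration, not the real virustotal.com certificate.
SAMPLE_DATES = """notBefore=Jun  5 00:00:00 2014 GMT
notAfter=Jun  5 23:59:59 2015 GMT
"""

STILL_OFFERED = "heartbeat still offered: probe the server directly, dates alone cannot rate it"
NEVER_OFFERED = "heartbeat never offered: not exposed to Heartbleed"
OLD_CERT = "certificate issued before disclosure: key may have leaked, revoke and reissue with a new key"
KEY_UNVERIFIED = "certificate reissued after disclosure, key change not verified: compare the public keys"
SAME_KEY = "certificate reissued after disclosure but the public key is unchanged: still at risk"
NEW_KEY = "certificate reissued after disclosure with a new key: safe to trust, rotate passwords"


def parse_openssl_dates(text):
    """Parse the notBefore/notAfter lines from `openssl x509 -noout -dates` into UTC datetimes."""
    out = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        parsed = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y %Z")
        out[key.strip()] = parsed.replace(tzinfo=timezone.utc)
    return out


def assess_heartbleed(offered_heartbeat_before, offers_heartbeat_now, not_before,
                      old_spki=None, new_spki=None):
    """Rate a host the way the two site checkers above do, plus a key-change check.

    offered_heartbeat_before: the host advertised the TLS heartbeat extension
        before the disclosure (Netcraft's historical observation).
    offers_heartbeat_now: it still advertises it; a fixed OpenSSL also offers the
        extension, so only a direct probe can settle that case.
    not_before: notBefore of the certificate currently served.
    old_spki / new_spki: optional fingerprints of the old and current public keys
        (assumed to be supplied by the caller, e.g. from `openssl x509 -pubkey`).
    """
    if offers_heartbeat_now:
        return STILL_OFFERED
    if not offered_heartbeat_before:
        return NEVER_OFFERED
    if not_before < HEARTBLEED_DISCLOSED:
        return OLD_CERT
    if old_spki is None or new_spki is None:
        return KEY_UNVERIFIED
    return SAME_KEY if old_spki == new_spki else NEW_KEY


if __name__ == "__main__":
    dates = parse_openssl_dates(SAMPLE_DATES)
    print(assess_heartbleed(True, False, dates["notBefore"]))
```

With the constructed June 2014 certificate the function lands on the LastPass verdict (reissued after disclosure, key change not verified); feed it a notBefore from before 7 April 2014 and it returns the Netcraft verdict. Passing both key fingerprints is what separates "looks reissued" from "actually rekeyed".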

urlquery confirms redirect: http://urlquery.net/report.php?id=1403207429027

Another example where avast! Web Shield correctly detects and blocks JS:Agent-BDA[Trj] in the browser executable; the threat comes from here: Object: htxp://www.buah-ara.blogspot.com/
SHA1: 50b1069472df5906b9e160b072c7bcb67011c6ac
Name: TrojWare.JS.Agent.JM

We are being protected,

pol

See: http://sitecheck.sucuri.net/results/webklavye.com
and: http://app.webinspector.com/public/reports/22667027

avast WebShield detects JS:Downloader-KS[Trj]

polonus

Faced with an inconclusive result
See: http://urlquery.net/report.php?id=1403450287527 missed
and http://quttera.com/detailed_report/bytegraf.com missed
Detected: https://www.virustotal.com/nl/url/f87f84e5806d499cc27b9335c565630cc984c8996a7584ee026e18d5083c7d8e/analysis/1403450530/

avast! Webshield blocks as URL:Mal, but does not specify that the URL is subjected to the threat Mal/HTMLGen-A,
while this appears to be down.

Damian

avast! Web Shield blocks and detects JS:Iframe-CSU[Trj] on the site, see:
https://www.virustotal.com/nl/url/5df585f6dce21560a0ed0104edc78b8256b4163f7a88067cfe2b94852c3bde37/analysis/
and http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2F1903bjk.org
and
http://urlquery.net/report.php?id=1403694178767 (see recent reports on same IP)

polonus

iFrame malware here: htxp://coherence090611.cocolog-nifty.com/JSTAG_3[d46][108] infected with JS.IFrame.312
avast! Web Shield blocks and detects as JS:Iframe-EO[Trj]
We are being protected,

polonus
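
The iframe detections in this thread (JS:Iframe-*, JS.IFrame.312) all come down to the same injected pattern: an iframe pointing at a foreign host, sized 0x0 or 1x1 or hidden by CSS. The block below is an added example of a static check for that pattern over page HTML; it is not code from the original post or from any of the scanners linked here, and the sample page is constructed (the hosts in it are placeholders, not the sites named above).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not a real capture): one normal iframe from the
# page's own host, plus two injected ones of the kind the scanners flag.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="http://example.org/video" width="640" height="360"></iframe>
<iframe src="http://evil.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<div style="display: none"><iframe src="http://evil.invalid/drop.html" width="0" height="0"></iframe></div>
</body></html>"""

# Elements that never get a closing tag, so they must not go on the open-element stack.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "source", "track", "wbr"}


def _dimension(value):
    """Parse a width/height attribute ('0', '1', '300px') to an int, or None if absent/non-numeric."""
    try:
        return int(str(value).strip().rstrip("px"))
    except ValueError:
        return None


class IframeCollector(HTMLParser):
    """Record every iframe together with whether it, or an ancestor, is hidden by inline CSS."""

    def __init__(self):
        super().__init__()
        self.open_elements = []  # list of (tag, hidden_by_inline_style)
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag == "iframe":
            self.iframes.append({
                "src": a.get("src") or "",
                "width": _dimension(a.get("width")),
                "height": _dimension(a.get("height")),
                "hidden": hidden or any(h for _, h in self.open_elements),
            })
        if tag not in VOID_ELEMENTS:
            self.open_elements.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed inner elements.
        for i in range(len(self.open_elements) - 1, -1, -1):
            if self.open_elements[i][0] == tag:
                del self.open_elements[i:]
                break


def find_suspicious_iframes(html, page_host):
    """Return [(src, [reasons])] for iframes that are foreign, hidden, or zero/one pixel in size."""
    parser = IframeCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for f in parser.iframes:
        reasons = []
        host = urlparse(f["src"]).hostname
        if host and host.lower() != page_host.lower():
            reasons.append(f"external host {host}")
        if f["hidden"]:
            reasons.append("hidden by CSS")
        tiny_w = f["width"] is not None and f["width"] <= 1
        tiny_h = f["height"] is not None and f["height"] <= 1
        if tiny_w or tiny_h:
            reasons.append("zero/one-pixel size")
        if reasons:
            findings.append((f["src"], reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "example.org"):
        print(src, "->", "; ".join(reasons))
```

A static pass like this only catches the iframe once it is literal HTML. Most injections of this family arrive as obfuscated JavaScript that writes the iframe at runtime, which is why the avast! names are JS:Iframe-* rather than HTML detections; the linked scanners decode or execute the script before looking, and a real check should do the same on the rendered DOM rather than only on the fetched source.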

killmalware http://killmalware.com/www.1903bjk.org/#
sucuri http://sitecheck.sucuri.net/results/www.1903bjk.org/
https://www.virustotal.com/nb/file/2bae36c08431189372a1cfefd99f29036b105705054058888b0dff425a476344/analysis/1403714603/

but not on html ???
https://www.virustotal.com/nb/file/696e8cdebb8f0c679fbcd8b0209ae63227b6b07cf105c5a0c041635e4192a7b4/analysis/

killmalware http://killmalware.com/coherence090611.cocolog-nifty.com/

VirusTotal
https://www.virustotal.com/nb/file/4e23fb00a8273ee946fefa94c273158557c7a5019b22c2f1e20b75f085ff2f84/analysis/1403715294/

Because avast! Web Shield directly blocks the detected code, Dr Web's URL checker scan and several others cannot connect and won't give scan results.

polonus

Well, there’s a workaround for that. Set up more than one system running other major a/v’s that don’t block or detect what avast! does, and you can see what scan results you’re not seeing. Think that’s a good way to do it. Of course, you might have to reload your os more often…