AntiCopas.js - Avast's VBS:Agent-KZ [Trj] notification... website defaced!

Detected where: http://killmalware.com/nwjewelrycreations.com/
100/100% malicious: http://zulu.zscaler.com/submission/show/d4b201dacfdff26bc408f3e6be861305-1431126563
flagged: https://www.virustotal.com/nl/url/400a96aa2ed34af631cc9c6e3c56384fdf0eb348932c09fdbd991c44e824383d/analysis/
index.html
Severity: Malicious
Reason: Detected malicious drive-by-download attack
Details: Malicious obfuscated JavaScript threat
Offset: 17079
Threat dump:

[DropFileName = "svchost.exe"^^WriteData = ]

Threat dump MD5: 4667FB094040103F5F964564346C0007
File size[byte]: 130169
File type: HTML
Page/File MD5: E3F1A5628CF8F7D4C72EB5F4704914D9
Scan duration[sec]: 0.025000

Blacklisted here and elsewhere: https://yandex.com/infected?l10n=en&url=nwjewelrycreations.com&redircnt=1431126954.1

On AntiCopas.js read: http://www.leakedin.com/2013/08/17/potential-leak-of-data-hacking-notification-2490/
source: htxp://pastebin.com/raw.php?i=dnhsMfjL

polonus

Similar threat here: http://killmalware.com/thecloudtee.com/#
DropFileName = “svchost.exe”
WriteData = etc.
See: https://www.virustotal.com/nl/url/95956c49cf86a8ef4c33c556ca96db6416c45d6fc1dc0b8691ecf1fc400f9c3f/analysis/
Detected: https://sitecheck.sucuri.net/results/thecloudtee.com
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01

Hacked By Gl0w!Ng -F! R3

pol