Avast detects JS/Kryptik.ALB as JS:Decode-BTB[Trj]

polonus · September 13, 2016, 9:42am

See: http://killmalware.com/ebooksoninternetmarketing.com/#
Missed here: http://dmanalyzer.com/analyze/ebooksoninternetmarketing.com
Missed here: https://www.virustotal.com/en-gb/url/982bf1e28d25d5ddb54fbbb4883b37c770924a6e9ca55a95e387da8c1323a5ae/analysis/
Quttera: THREATSIGN! Sucuri draws the avast alert for JS:Decode-BTB[Trj] as it releases too much of the alerted code probably.

polonus

polonus · September 13, 2016, 9:58am

Again GoDaddy/hostgator insecurity abuse: http://toolbar.netcraft.com/site_report?url=http://192.185.39.29

Read on asynchronous javascript vuln.: https://prezi.com/gxnv-jt-izmu/web-20-insecurity/

Dynamic web page updates also make it difficult to bookmark and return to a particular state of the application.

polonus

Pondus · September 13, 2016, 3:57pm

Must be a old detection since Norman is listed in the Killmalware scan

Sucuri > https://sitecheck.sucuri.net/results/ebooksoninternetmarketing.com

yepp it is > First submission 2013-12-14 01:23:29 UTC ( 2 years, 9 months ago )
https://virustotal.com/en/file/551c10b90b86d58f3c89887bd2e064265bc246b78007e41824c6600a240f5135/analysis/1473781925/

Somone has not fixed there website for a very long time :

polonus · September 13, 2016, 9:10pm

Hi Pondus,

With 437 other sites hosted on this server, it does not get noticed, and it does not surprise me really.
Domain Status Registered And Active Website
Whois History 44 records have been archived since 2009-10-07
3 changes on 3 unique IP addresses over 7 years.

Present IP with some bad domain apples: https://www.virustotal.com/en-gb/ip-address/192.185.39.29/information/
malware and phishing reported for that IP.

pol

Avast detects JS/Kryptik.ALB as JS:Decode-BTB[Trj]

Announcements