Hi abrumptum,
The flagged malware mentioned only bites when Java is installed on the OS.
Java is a risk that JS:ScriptPE-inf[Trj] is exploiting; it abuses Java flaws.
An urlquery shows there are problems for the same IP: https://www.virustotal.com/en/ip-address/141.101.116.44/information/
Let us dive into this for the site itself:
Some code anomaly here:
billionuploads dot com/js/jquery-1.8.3.min.js benign
[nothing detected] (script) billionuploads dot com/js/jquery-1.8.3.min.js
status: (referer=billionuploads dot com/pesbz1eh1hbw)saved 93636 bytes 06e872300088b9ba8a08427d28ed0efcdf9c6ff5
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined function p.getElementsByTagName
error: undefined variable p *
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
I predict that “contact.php and the validate.class.php files are not reaching each other”. Info credits go to trag * from dynamic forums:
Variables are being set inside a conditional block. If $_POST['submit'] is not set, then none of those other variables will be either.
*
Risk for IP is mentioned by one or more sources: given as benign here: http://zulu.zscaler.com/submission/show/94970ab57e3eaa6be1ce4838fec59880-1381587673
For Quttera scan I get an unreachable: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fbillionuploads.com%2Fjr9pka3qx6jb#tab1
http://www.isitdownrightnow.com/billionuploads.com.html (up and running)
IP is in this list: http://www.e-fensive.net/malware.pests
There is an existing virus on the uploader IP: http://192.96.205.162/cgi-bin/s33/up_flash.cgi
https://www.virustotal.com/en/url/df029fef966a61d18b6405285c508f56f1c444dee011cca7bfacc8b97e60b22b/analysis/
Avast will detect this threat as JS:DownloadNSave-J [Adw]
There are insecurity risks on the site ->: https://asafaweb.com/Scan?Url=billionuploads.com (which means the site could come under attack: excessive header info, clickjacking)
That’s all so far,
polonus