Hi malware fighters,
When visiting here: htxp://scforum.info/ (protected through NoScript and RequestPolicy on)
Wepawet report: http://wepawet.iseclab.org/view.php?hash=dd0517fb2bd1973af580c9e0fd01e5c9&t=1270505213&type=js
Warning there: “The analyzed resource uses an unknown script language (unspecified/VBScript)
This may affect the detection of malicious code”
However, I got an alert from RUBotted. Activity detected.
I looked up the site at Unmasked Parasites and got:
This page seems to be
1 suspicious inline script found.
1 hidden external link found.
The suspicious inline script see picture
Is this a Joomla! googleanalytics hack for s10.histats.com,
which is malicious; the last time suspicious content
was found on this site was on 2010-03-09.
Here the histats site is found to be clean: http://scanner.novirusthanks.org/analysis/8cf8463b34caa8ac871a52d5dd7ad1ef/aW5kZXg=/
Malicious software includes 15 exploits, 10 trojans.
This site was hosted on 2 network(s) including AS36351 (SOFTLAYER), AS13867 (CNET).
Yes, this site has hosted malicious software over the past 90 days. It infected 35 domain(s), including pageantport.com/, thaiweddingfair.com/, gallerygalore.net/ (the last 2 seem to be cleansed sites now)
pageantport, however, is malware-ridden:
Drive-By Downloads
Threats found: 128
Here is a sample:
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=48&st=0&sk=t&sd=d&sid=cfd64de922b6cfc3411ccc96951a3071&start=90
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=48&st=0&sk=t&sd=d&sid=cfd64de922b6cfc3411ccc96951a3071&start=135
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=48&start=0&sid=cfd64de922b6cfc3411ccc96951a3071
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=48&sid=92cb43a3063d0ae7b53df1878e7455aa
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=48&st=0&sk=t&sd=d&sid=cfd64de922b6cfc3411ccc96951a3071&start=45
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=28&st=0&sk=t&sd=d&sid=5b86779067c7e3a7f1cdfb207613ee2a&start=45
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=59&sid=5e782162437aa7a4abc0b8ef91b84ccb
Threat Name: HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/cron.php?cron_type=tidy_search&sid=c403aef2b080e2a6aa48d7276c24573c
Threat Name: Direct link to HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=28&sid=9f295b7b94c7c08fc57311d554c7da2d
Threat Name: Direct link to HTTP Malicious Toolkit IFrame Injection
Location: hxtp://www.pageantport.com/oldboard/viewforum.php?f=51&sid=724fbe5f01ea02c45ddeddbba3c35e75
polonus