Can Avast 6 free version dected lizamoon mass-injection yet?

Hi there

Can Avast 6 detect and remove lizamoon mass-injection yet? according to virus total it can not?

http://www.virustotal.com/file-scan/report.html?id=cd902b92042435c2d70d4bf59acc2de8229bfc367626961f76c03f75dcd7e95c-1301609887

if Avast 6 can not will there be an update for this soon?

many thanks

Look here… :wink:
http://www.virustotal.com/file-scan/report.html?id=cd902b92042435c2d70d4bf59acc2de8229bfc367626961f76c03f75dcd7e95c-1302797495
or click on: more up-to-date report in the link you posted…!!!
asyn

ah i see ty :slight_smile: but there is no mention of Avast 6 on there?

avast 5 and 6 is same virus engine :wink:

Avast 6 can detect it if Avast 5 can…

Yes, you only need to do a forum search in the viruses and worms forum on lizamoon to see that. What VT is showing is the payload from one of the lizamoon redirects, that payload can and will change depending on what redirect is used. That is why it is better to prevent the SQL Injection exploit to the redirect site.

The avast web shield blocks the exploit, the actual script injection on the effected site, so the script command to connect to the remote site is effectively blocked before any payload is downloaded/run/activated.

I would also suggest using Firefox with the NoScript add-on to prevent the running of scripts until you give permission, this helps prevent driveby attacks/downloads. Using the RequestPolicy add-on also prevents cross site scripting, which is what would be going on with this lizamoon sql injection attack.

You’re welcome…!

i see, many thanks for everyone’s quick reply’s, that has put my mind at ease

Good. :slight_smile:
Have a nice sunday,
asyn

Hi Asyn,

And the campaigns are going on, after lizamoon, now the “Barracuda automated SQL-injection” campaign, write-up here on this:
http://www.net-security.org/secworld.php?id=10884
Very hard to get certain web apllications secure. Another example reported here: http://www.itsecuresite.com/seclabs/sucuri/database-injection-on-joomla-websites-yourstatscounter-dot-cz-dot-cc.html

polonus

Yeah, the bad guys never stop. :frowning:
But neither do we…!!! :wink: