FP of kevjumba's site

XXX.kevjumba.com. This site has a virus according to yesterday's definitions according to EST…

virus total reports it clean,

VirusTotal is just a reputation scan… it does not scan for infection on the website
unless you download the HTML and scan that.

http://sitecheck.sucuri.net/results/Kevjumba.com

Avast isn’t alone in finding it infected/suspect: Sucuri (image1), AVG Threat Labs (image2).

The alert is on (image3) and may be a WordPress exploit. Sending the page to VirusTotal only gets a few detections, mainly avast and Kaspersky (as gdata also uses avast as one of its two scanners), https://www.virustotal.com/file/b1f9c4234e61e59efc00e1d066c9976bff66820cc4dbfe8da9b4ac181328ad37/analysis/1333398643/. The fact that there is a low detection rating isn’t unusual; avast is very hot on script exploits, etc.

Malware is located in the JS file seen by Sucuri… so you can change the topic title :wink:

https://www.virustotal.com/file/b1f9c4234e61e59efc00e1d066c9976bff66820cc4dbfe8da9b4ac181328ad37/analysis/1333398962/

That website has a Phoenix exploit kit 8)

Anthony

See: htxp://urlquery.net/report.php?id=37253 (but no alerts given)
Also we can state the results of this diagnostic site are at least questionable: htxp://www.mbi-connexion.com/securite/diagnostic/k–kevjumba.com

polonus

AVG is reporting it has a Phoenix exploit kit.

Hi adotd,

You do not have to repeat that.

Urlquery dot net normally gives alerts when Blacole requests etc. are being made.
Site could have had that response,

polonus