Again, Pondus, thanks for checking and the Norman lab analysis. I cannot see why this is not done by others and professionals more meticulously, but I haven’t heard anything about these issues yet???
When I check on a particular URL scanner and later skim the actual code, I see a lot of discrepancy between the results we want to see and what we get. Each scanner equals their databases and some databases are outdated or rather “lousy”. There are some that are getting better and better.
We need to go through a lot of scanners, some with somewhat more reliable results than others. Web reputation scan results and results based on recent blacklisting are almost hopeless, because one never knows if the malware link is still up or down (nil), or if the infested redirect or obfuscation is still there but is leading nowhere. URL scanning for a binary analysis of what is at a particular URL gives better results, provided, however, that the results are being correctly interpreted.
All this is making the task of taking the “dirt” out of URL scanning even harder than it already is. Good that we have been building such expertise over the recent half-year period since we started doing this, actually when I found that Pondus and Asyn were into this…
Thanks to DavidR for all his appropriate advice towards the way results were to be presented.
Thanks also to you, Asyn, Dim@rik, others and recently the young Donovansrb10 for investing in this line of specific virus hunting and unmasking malicious URLs. We also cannot give all our resources out here and have to make our results anonymous to certain degrees and present them as worked-on images of scan results found, because we also know the miscreants are looking over our shoulders to establish what we detect about the activities of these never-to-be-underestimated opponents. Thanks to all of my forum friends that helped towards a better detection scheme.
It would have been better if you had posted about -paintball2.by.ru by starting another thread.
That is now also no longer needed, because we are protected from going there, as the avast webshield neatly blocks this site as infected through JS:Redirector-LS[Trj].
Do you have both webshield and network shield installed? They are top-of-the-bill added security components of the avast av solution. We cannot feel secure without them active.
By the way DrWeb’s URL checker also detects: