IDS alerts but is the scanned file safe?

See: https://urlquery.net/report.php?id=1432588335977
See: https://www.virustotal.com/nl/url/ab0b3f69c30c03b71e6acecf2873c8081b320f9db1489d28853adbf578c3bfaa/analysis/
Given as probably harmless: https://www.virustotal.com/nl/file/7967ca5b22c776d65590d7f2cb0929c58e9cbb85632834c3816e7a655a913914/analysis/1432587638/
OK: https://www.metascan-online.com/en/scanresult/file/c6e675b5c0094a479a3a104cf46e9227
Version: http://www.digitalpreservation.gov/formats/fdd/fdd000316.shtml

pol

Read about abuse of wp-content/uploads here: http://www.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/ link article author = Siobhan McKeown

polonus

First submission 2015-05-25 21:00:38 UTC ( 1 hour, 26 minutes ago )
https://www.virustotal.com/en/file/7967ca5b22c776d65590d7f2cb0929c58e9cbb85632834c3816e7a655a913914/analysis/1432592826/
https://www.metascan-online.com/en/scanresult/file/4dfb2a930ad849649c6aafd4c1bc187f
http://virusscan.jotti.org/en/scanresult/df4e54d900d37c9a42d861aa4b44d4b1d6cf0422

Hi Pondus,

What about this scan then, my good friend? → http://www.unmaskparasites.com/security-report/
Verdict suspicious.
Also consider the hidden spam links scan: http://www.unmaskparasites.com/security-tools/find-hidden-links/site/?siteUrl=www.rebalancing.nl

On this scanner see my other posting in this sector of the forums about the reliabilty of Unmask Parasites beta scanner.

I see this hidden link flagged by Sucuri’s: Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.injection.002 It is on this website, sure is.

 

Damian

seems like some undetected SEO:spam … poker spam

avast detect
https://www.virustotal.com/en/file/15bdef46196cc9d61390bce76a0b18d3f315410cfbd92d62a2b498d6cab88b9c/analysis/1432595178/

And Qihoo also detects this: https://www.virustotal.com/nl/file/15bdef46196cc9d61390bce76a0b18d3f315410cfbd92d62a2b498d6cab88b9c/analysis/
see latest.

polonus

Norman/BlueCoat confirms, detection added SEOPoisoning.B

F-Secure also

The submitted website has been verified to be Suspicious and the appropriate rating is now updated. The update will take effect on the next product update cycle.