hXXp://www.grave-digger.de/
It’s weird that band’s official site is infected. Do you think it’s a false positive?
hXXp://www.grave-digger.de/
It’s weird that band’s official site is infected. Do you think it’s a false positive?
Surely by now you should be getting the message that sites are being hacked at a monstrous rate and avast has a high detection rate with good accuracy.
The home page has been modified, all that is on it is a single line containing a hidden iframe tag, it also uses a different port 8080, normally to try and avoid things that monitor port 80 traffic, but it didn’t slip past avast, see image.
So it looks like the site has been hacked and the avast detection is good.
– Every 3.6 seconds a website is infected http://forum.avast.com/index.php?topic=47096.msg396648#msg396648.
Thank you! Avast is awesome, it saved me from situations like this one quite some times. Who do you think has hacked some band’s official site? What’s the purpose of this?
Short answer:
More detailed:
This can usually be to redirect to a malicious site which will infect your system and there are remote tools that can a) find sides that have vulnerabilities in the sites software (old versions) which can be exploited, then, b) pages modified, this isn’t usually so blatant as this case where the only code on the page is the iframe tag. These are usually inserted into the original page leaving it to all intents and purposed the same to the unsuspecting visitor.
Payload, this depends on what is at the other end of the iframe redirect or script from that location that is run. Normally this would infect your system or run one of the fake AV or spyware rogue programs to extort money. Most things revolve around control of your system adding to a bot net for money making or malicious purposes, there really are too many possibilities. But why would they put the effort in if it wasn’t productive, e.g. generating money.
Thank you for the explanation!
You’re welcome.