JS:Clickjack-A[Trj] detected on website by Avast!

Viruses and worms
1

See: Trojans detected:
Object: -http://aegisims.com/index.php/en/
SHA1: eded234bf3c77671ed321aa14b5e7bf03eaf8c57
Name: TrojWare.JS.Agent.caa
See: https://www.virustotal.com/nl/url/0fdaf521e5c9eb92b6f207ab22542f2f65da73eeeeacc12f65840cb9cbc2a04e/analysis/
Missed detection: https://urlquery.net/report.php?id=1442099375698
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Faegisims.com
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 WordPressExpert WordPressExpert

PHP critical vuln.: http://www.scip.ch/en/?vuldb.76015

polonus

2

A JS:Clickjack-B[Trj]-variant detected here: Trojans detected:
Object: -http://2bfreeatlast.net/index.php?id=86823&option=com_k2&task=user&view=itemlist
SHA1: dedc4a0f5c4895899bb7c88528a2a505a19b455b
Name: TrojWare.JS.Agent.caa
See: https://www.virustotal.com/nl/url/48c55b3be3824508c372221c449bf0a64f37257e91dadb5d6acf205ef767fa1a/analysis/
Infested with SEO Spam: https://sitecheck.sucuri.net/results/2bfreeatlast.net
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a); t=‘’;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.‘+x[2]+’{‘+x[1]+’}</‘+x[0]+’>');}dnnViewState();

Template by 888 Poker Bonus Code

53 malicious files detected: -http://quttera.com/detailed_report/2bfreeatlast.net
Example: File name: /index.php?option=com_k2&view=itemlist&layout=category&task=&id=&itemid=294


[[function dnnViewState]]

Also detected reference to blacklisted domain

Web application version:
Joomla Version 2.5.3 found at: -http://2bfreeatlast.net/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.28 or 3.4.3

Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
analytics
jquery171
The following components were detected from the HTML source of the Joomla front page.
com_k2
No plugins were found passively in HTML source

Linked iframes
-http://www.youtube.com/embed/u9wf8y_5yn4?autoplay=0&hl=en&fs=1&showinfo=1&iv_load_policy=3&rel=0&loop=0&border=1&color1=da892e&color2=141414&controls=1
-http://graphics8.nytimes.com/bcvideo/1.0/iframe/embed.html?videoid=100000001601732&playertype=embed
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

polonus