Link : hxxp://swimandscuba.netfirms.com/indexmovie/
I received this in a facebook message which has typos so this is probably not a false positive.
[L] JS:Redirector-CH [Trj] (0)
What does this do?
Link : hxxp://swimandscuba.netfirms.com/indexmovie/
I received this in a facebook message which has typos so this is probably not a false positive.
[L] JS:Redirector-CH [Trj] (0)
What does this do?
please change yr link so that it is a not an active hyperlink.
For example, change to the folowing -
Link : hxxp://swimandscuba.netfirms.com/indexmovie/
This deactivates the link, such that users, especially newbies, will not be in danger of infection if they click the link. At the same time, more expert users can still see what is the web address.
Ok , have edited my post.
Hi,
Your reference link is look not harmful or clean :
http://safeweb.norton.com/report/show?url=http://swimandscuba.netfirms.com/indexmovie/&x=9&y=11
http://www.unmaskparasites.com/security-report/
And avast! detected this website infected as same as your information, it could be rite because this website contains a lot of video files.
avast! [User]: File “http://swimandscuba.netfirms.com/indexmovie/3jnjm6.php” is infected by “JS:Redirector-CH [Trj]” virus.
“%3” task used
Version of current VPS file is 100601-0, 06/01/2010
I don’t think we should trust those site advisors , afterall netfirms.net is a hosting site and I believe the advisors simply traces the domain name.
Hi malware fighters,
It isn’t there any longer:
Blank page / could not connect
No ad codes identified
Empty source - Could not connect to site?
polonus
Whhhaaaaat?!
If you mean you cannot access the site , change the hxxp to http.
What.
Looks like a redirect that will send you to 89.195.68.23:518/3933a4e97c2/ a porn movie site
where you will be asked to download a flash update
VirusTotal - setup.exe - 13/39
http://www.virustotal.com/analisis/53e7b74315a3a487cfe4d63750ea708b0550e7e2902e5a5e3a8de0e4c665e71e-1275402070
Wepawet - 89.195.68.23:518/3933a4e97c2/
http://wepawet.cs.ucsb.edu/view.php?hash=121f7966a743917287d515858583379d&t=1275403703&type=js
Hi Pondus,
Right, that is what is happening, because the url does not go anywhere with NoScript and RequestPolicy active in the browser, and that is what I experienced filling in the URL in my bad iFrame detector scanner.
What happens in a not protected browser, we get this: video…
<script src='fbli.php'></script>loading...
,
which is a suspicious looking GET request containing %3C, %3E, and %2F, cross-domain script loading, redirecting to: http://www.robtex.com/ip/89.195.68.23.html#blacklists
htxp://bitisoftwares.com/alerting.html This URL is currently listed as malicious by TrendMicro…
polonus
But why the error in unmaskparasites ? on this 89.195.68.23:518/3933a4e97c2/
ahaaa…you found the Pondus pic …done some homework ;D
Hi Pondus,
Because it is a FTP download link, and if you would have tried it out in Malzilla, you would have known,
polonus