Malicious Link for Pavel or Igor

system · 2006-11-09T11:03:18.000Z

For Pavel or Igor and analysts…

Link below leads to one file malicious that I do not know if is detected by avast.

hxxp://www.csfederalismo.it/User/cartella%20lavoro/flash/Cartao-visualizador.exe

I modified of HTTP for hxxp so that somebody not click.

Link came here in a virtual card in the Brazil.

Analysts could verify ?

Lisandro · 2006-11-09T11:11:20.000Z

Infected

system · 2006-11-09T11:24:27.000Z

Hi Tech

Very good…

Dr. Web has this resource to verify link ? How you it made?

What we want is that avast also detects it.

XMAS · 2006-11-09T11:36:21.000Z

Henrique - RJ post:3:

Dr. Web has this resource to verify link ? How you it made?

Hello

What Tech used is called Dr.Web anti-virus link checker - an add-on for Firefox

Henrique - RJ post:1:

For Pavel or Igor and analysts…
Link below leads to one file malicious that I do not know if is detected by avast.
hxxp://www.csfederalismo.it/User/cartella%20lavoro/flash/Cartao-visualizador.exe
I modified of HTTP for hxxp so that somebody not click.

avast! already detects this as Win32:Bancos-XF [Trj]

polonus · 2006-11-09T12:06:25.000Z

Hi Henrique,

When you scan the link with NoScript installed, your safe visiting the site.

polonus

system · 2006-11-09T12:42:04.000Z

Suspected considered other (it circulates in the Brazil via MSN):

w w w.tevinanet.land.ru

Care, not click !!!

Another that offered malicious softwares and that avast nothing detects:

http://isafetypage.com

Lisandro · 2006-11-09T13:51:17.000Z

Henrique - RJ post:3:

Dr. Web has this resource to verify link ? How you it made?

Sure: http://online.drweb.com/?url=1

Lisandro · 2006-11-09T14:07:37.000Z

Henrique - RJ post:6:

w w w.tevinanet.land.ru
http :// i s a f e t y p a g e.com

Both seem ok… ??? :

polonus · 2006-11-09T14:10:41.000Z

Hello folks,

It is also well possible that only a portion of the downloads comes with the malkware vector.

polonus

FreewheelinFrank · 2006-11-09T14:31:42.000Z

Tech, that page is definitely bad. See here:

http://sunbeltblog.blogspot.com/2006/11/more-fake-scam-sites.html

system · 2006-11-09T15:05:28.000Z

FreewheelinFrank post:10:

Tech, that page is definitely bad. See here:

http://sunbeltblog.blogspot.com/2006/11/more-fake-scam-sites.html

Accurately FreewheelinFrank…

That page (http://isafetypage.com), has for download softwares malicious that avast nothing detects.

polonus · 2006-11-09T16:57:15.000Z

Hi Henrique - RJ and FwF,

Here you can read why it is a bad page:
http://www.siteadvisor.com/sites/isafetypage.com?ref=safesearch&aff_id=0

polonus

system · 2006-11-09T17:15:38.000Z

polonus post:12:

Hi Henrique - RJ and FwF,

Here you can read why it is a bad page:
http://www.siteadvisor.com/sites/isafetypage.com?ref=safesearch&aff_id=0

polonus

Yes but the bad page contains bad programs that avast does not detect (SpywareHeal, MalwareWiper, Brave Sentry and others). I made tests and avast nothing detected in these softwares.

polonus · 2006-11-09T17:22:44.000Z

Well Henrique - RJ,

That is why we have installed special programs to scan and protect against these spyware infections. Ad-aware, Spybot S&D, Spyware Blaster (install only onto a clean system), Ewido or/and A-square free. All these programs are free and additional to avast or any other resident av-program. Not a single av-program can find all malware that exists, so you always use a multi-layered defense to keep a clean machine. Get accustomed to these routines,

That you will stay secure and surf safely is the wish of,

polonus

system · 2006-11-09T17:34:02.000Z

Strange i just installed Dr.Web anti-virus link checker, and i did scan few malicious links, few coolwebsearch and some other links which spread malicious codes, but Dr.Web did not identified them, Non of them, i wonder why ???

XMAS · 2006-11-09T18:00:03.000Z

SNOWHITE post:15:

Strange i just installed Dr.Web anti-virus link checker, and i did scan few malicious links, few coolwebsearch and some other links which spread malicious codes, but Dr.Web did not identified them, Non of them, i wonder why ???

Well, maybe Dr.Web simply do not have definitions for those malicious codes, and that’s why it doesn’t detect them :

system · 2006-11-09T22:11:13.000Z

Other…

Link below leads to one file malicious that I do not know if is detected by avast:

hxxp://www.snet.gob.sv/Hidrologia/789879816659898card.html

I modified of HTTP for hxxp so that somebody not click.

Link came here in a virtual card in the Brazil.

It’s infected…

system · 2006-11-10T13:16:59.000Z

I capture the virus (they are two) of link hxxp://www.snet.gob.sv/Hidrologia/789879816659898card.html using an accelerator of download (Free Download Manager)and avast did not detect none.

“789879816659898card.html” it’s a VBS virus (script virus) that it must make download and the automatic installation of the Trojan banker (file “chmody.exe”).

polonus · 2006-11-11T22:29:36.000Z

Hi Henrique -RJ.

Not any single antivirus solution will catch all malware or have all the definitions. That is why it is good to have some additional non-resident anti-virus solutions (one that protects against this vbs.psyme.239 virus is ClamWin Free Antivirus (see here:
http://lurker.clamav.net/message/20061103.151448.69c9d2dc.en.html)
You cannot have two resident av solutions on one machine because of conflicts, but you can have one resident av solution, like avast, together with online scanners (e.g. Bitdefender etc.) and non=resident, like ClamWin, DrWeb CureIt, stinger.exe, fprot for dos (with automatic updater, yes it is still around).
Then a lot of people have the classical anti-spyware solution on their computers: ad-aware, spybot s&d, and when the computer is malware free a protective program like SpywareBlaster, anti-trojan scanners like a-squared and ewido makes this complete. Additional in-browser security completes all: in Firefox, we have DrWeb’s pre-link scanner, MacAfee SiteAdvisor, Stealther, NoScript, AdblockPlus + G. updater. Whit security like that and SafeXP set, so I do not surf with full admin’s rights, not a lot can get in harm’s way,

polonus

Announcements