I stumbled upon this while clicking on chihuahua pictures in google image search. Avast web shield says that it is a virus.
ht tp://kickboxteam-freiburg.de
Hi mbd35,
The malware must somehow be at the google image search site,
because the site you mention in your posting is not infected
as far as I can establish so far, maybe someone has some new facts:
Sucuri results:
web site: -kickboxteam-freiburg.de
status: Verified Clean
web trust: Not Blacklisted
http://www.virustotal.com/url-scan/report.html?id=fadede2fc2be171de08449b3a1b0110c-1315578883
http://urlquery.net/report.php?id=2736
http://siteinspector.comodo.com/public/reports/323362
http://www.unmaskparasites.com/web-page-options/?url=http%3A//kickboxteam-freiburg.de
http://wepawet.iseclab.org/view.php?hash=7529822027af4bb96cacb8127eec1771&t=1315591023&type=js
http://www.virustotal.com/file-scan/report.html?id=fa0a3551d0acf485126b680f3680e40cc8482dec40e0cf4dca3f332edd71c223-1315590989
On the other hand the hosting site could have been compromised with Trojan-PSW.Win32.Kates.
We have found one hundred active domains residing on 81.169.145.72 w08 dot rzone dot de.
Blacklisted URLs: 394, see: http://sitevet.com/db/asn/AS6724
polonus
Interesting.
The site seems to redirect to another site that does hae the virus. When I load the url in Firefox, it takes me to here: ht tp://nxuyeattention.info/main.php?page=e4a6f1dda2879502
And I get a “Malicious Url Blocked” popup from Avast.
DrWeb URL checker finds it:
Checking: -http://nxuyeattention.info/main.php?page=e4a6f1dda2879502
Engine version: 5.0.2.3300
Total virus-finding records: 2570426
File size: 174.99 KB
File MD5: f794caa51589c231fa7e2c435c309e2c
-http://nxuyeattention.info/main.php?page=e4a6f1dda2879502 - archive HTML
-http://nxuyeattention.info/main.php?page=e4a6f1dda2879502/Script.0 infected with Exploit.JavaScript.160 which avast also finds as JS:Downloader-AYC [Trj]
as is being demonstrated here: http://www.virustotal.com/url-scan/report.html?id=9443edbad713ad3c844cf92e6c680435-1315593644
&
http://www.virustotal.com/file-scan/report.html?id=ddb847dcf5788bc748ec30b1ecde3d46556d2f4a073fa285f29460db3434ef1e-1315600848
Good analysis mbd35, so your find is confirmed,
polonus
That’s unfortunate that searching something as innocuous as chihuahua photos on google can give you a virus. People need good protection these days. Thanks, Avast.
Hi mbd35,
Yes thousands of hacked sites have poisoned google’s image search results,
so scan every image link before you decide to click and download.
When one has WOT installed that helps, be guided by the green results,
also DrWeb’s URL checker can guide, example:
-http://www.google.nl/imgres?q=image+result& etc. etc and redirects to
-http://www.google.com/imghp
Checking: -http://www.google.com/imghp
Engine version: 5.0.2.3300
Total virus-finding records: 2570561
File size: 13.66 KB
File MD5: ea0242c1558147d986d840f6fc19ef99
-http://www.google.com/imghp - archive HTML
-http://www.google.com/imghp/Script.0 - Ok
-http://www.google.com/imghp/Script.1 - Ok
-http://www.google.com/imghp/Script.2 - Ok
-http://www.google.com/imghp/Script.3 - Ok
-http://www.google.com/imghp/Script.4 - Ok
-http://www.google.com/imghp/Script.5 - Ok
-http://www.google.com/imghp - Ok
Furthermore you have the protection of the avast shields and they are really good here.
But an ounce of precaution taken outweighs ever so many pounds of cleansing afterwards,
polonus
Google images are seeded with lots of crafted URL that end up taking you to a site which has been hacked and could redirect you to a malicious site (as in this case). Google were meant to be rooting out these bad links, but it doesn’t appear that they have had a lot of success, given the size of the google image database this certainly can’t be an easy thing.
Hi DavidR,
That is why this user was saved by the avast Web Shield. The importance of the avast shields here cannot be emphasized enough,
polonus
Yes, the web shield is probably the most effective of all the shields, certainly for this and the network shield is also helpful if the malicious sites are also on its list.
+1