"Malware Dumps" on labs.sucuri.net

Earlier today I did a scan on one website on Sucuri that had an apparent infection on it (which I already wrote about on this forum), and as I checked the Sucuri labs article about the infection type it gave (http://labs.sucuri.net/db/malware/malware-entry-mwjs160?17), what caught my attention was the “Malware Dump” text window at the bottom of the article. I haven’t seen many of those before, so I’m really not sure whether that’s some info about the site I scanned or some general stuff, but more than that I wondered whether it’s safe to view that stuff in my browser if it indeed is some malicious coding, or has it been rendered harmless with something similar to this forum’s “code” function?

I wondered whether it's safe to view that stuff in my browser if it indeed is some malicious coding, or has it been rendered harmless with something similar to this forum's "code" function?
Yes ;)

Some time ago, many of the analysis sites had to be excluded as the results could indeed trigger the web shield.

It seems some have learnt to place them in code tags if that function exists on their web site.

Personally I would prefer it if the code examples were done as images, but this isn’t really possible when live analysis is being done.

Hi DavidR,

Agree with you there that a representation of code that could trigger an (even false) alert (even while there is no real payload or live or obfuscated links inside, but enough of the code being exposed to kick up such an alert) should preferably be given as an image.

When links are given to code representations, always at least block them like -http(s) or hXtp(s), so the unaware will not click on them and get startled by an alert (for which they haven’t the expertise to know what it really is all about). So now when I present a source code analysis of Redleg’s fileviewer for website code, for instance (where Redleg already has taken care to break all live links inside the code), I nevertheless break that link when I give it. Like -https://aw-snap.info/file-viewer/ etc. or htxps://aw-snap.info/file-viewer/ etc.

Those that then want to see the real contents of the link, do not need rocket technology to reconstruct the live link.
At least they then do this knowingly, and I feel I haven’t put the unaware at risk or those without relevant knowledge, that do not know what they are doing.

Always remember there are also minors and kids visiting our pages.
Let them come and learn on the avast forums, we are glad to educate them, but at least do this without causing any harm.

polonus (volunteer website security analyst and website error-hunter)
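
The two precautions discussed in this thread, breaking live links and showing a malware dump as inert text the way a "code" tag does, sketched in Python as an added example that is not part of any post above. The function names are hypothetical, the `[.]` host bracketing is a common convention that the thread itself does not mention, and the sample dump is constructed.

```python
import html
import re

# http/https URLs: scheme, host, then the rest up to whitespace or a delimiter.
URL_RE = re.compile(r"\b(https?)://([^\s/<>\"')]+)([^\s<>\"')]*)", re.IGNORECASE)
DEFANGED_RE = re.compile(r"\bhXtp(s?)://([^\s/<>\"')]+)")


def defang_text(text: str) -> str:
    """Break every live http(s) link: http -> hXtp, and '.' -> '[.]' in the host."""
    def _break(m: re.Match) -> str:
        scheme, host, rest = m.groups()
        return f"{scheme[0]}X{scheme[2:]}://{host.replace('.', '[.]')}{rest}"
    return URL_RE.sub(_break, text)


def refang_text(text: str) -> str:
    """Deliberate reversal for an analyst who wants the original link back."""
    def _restore(m: re.Match) -> str:
        return f"http{m.group(1)}://{m.group(2).replace('[.]', '.')}"
    return DEFANGED_RE.sub(_restore, text)


def safe_display(dump: str) -> str:
    """Defang links first, then HTML-escape so the browser shows text only."""
    return "<pre><code>" + html.escape(defang_text(dump), quote=True) + "</code></pre>"


# Constructed sample, not taken from the Sucuri page discussed in the thread.
SAMPLE_DUMP = '<script src="http://malicious.example/x.js"></script>'

if __name__ == "__main__":
    print(defang_text("https://aw-snap.info/file-viewer/"))
    print(safe_display(SAMPLE_DUMP))
```

Defanging runs before escaping because escaped quotes (`&quot;`) would otherwise be swallowed into the URL match. Escaping stops the browser from executing the dump, but a scanner matching on text patterns may still alert on it.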