Malware right blocked by avast! Webshield on scan - JS:Include-ALR[Trj]

http://maldb.com/outliving.nl/ → outliving dot nl,83.137.194.18,ns1.hosting2go dot nl,Parked/expired,
and here the avast! Webshield detects JS:Decode-BL[Trj] → htxp://jsunpack.jeek.org/?report=6fdac0aa3d2f81357262c7a6d5f8c2e8d6888ec7
Recommended not to visit the link: http://scanurl.net/?u=www.outliving.nl%2F&uesb=Check+This+URL#results
Site blacklisted and likely compromised: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.outliving.nl%2F
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=outliving.nl
We are being protected by the avast! Webshield.

pol

This might be a blunt question. But what is the use of all the threads you’re posting about infected sites that are already detected as such? I understand it when you post the sites Avast does not detect, while even then I think an official submission to Avast is more useful. What are forum users to make from (and do with) the info you’ve posted here?

Hi propheticus,

A typical reaction from someone who holds a “security through obscurity” position. My postings are of an educational character. The submission to virus AT avast dot com is as you say the most important part and comes foremost. We find ourselves in a position that an awful lot of common users put up websites without any basic knowledge of how to secure their websites. Part of our forum users are such website owners. So every other second visitors of these insecure websites on vulnerable website servers and with outdated vulnerable Content Management Software are being infested. The reason for my postings is to enhance the general website security awareness. I know that is a sheer hopeless task, but if no-one will…
To go out on the highway one needs a driving licence, put up an endangering website anyone can without any qualification. There’s my motivation. There are users reading these postings - the very website hosting party may react, website owners reacted. Some users were even inspired to enter third party cold reconnaissance scanning.

polonus

I don’t believe in security through obscurity. I just couldn’t see how a random report as the one above with a list of copy/paste links to scanurl, sucuri, quttera, etc helps educate people. People in the know understand what you mean, but I don’t think the ones you are trying to ‘educate’ will know what to make of a report like this (if they even look here…).

Kudos on the effort you put into raising awareness. I’m just not sure this reaches the unknowing website makers you’re talking about.

Hi propheticus,

Sometimes I see these postings come up later in search results for webmasters with similar website issues. So there might be a purpose, how limited this may seem. Preaching to the choir, mainly. Maybe it is for a few aware readers and to keep an eye on weak and strong avast! detection patterns. Yes avast also has weak blind spots, especially in the Brazilian malcode theater. So my intention is to keep feeling avast's detection pulse mainly and gain insight while doing so.

The big question remains how to reach the unknown ignorant webmaster? How to wake up the Rip van Winkles. :wink:
If only they would update and patch their CMS and saw to it/demanded that the servers that their websites ran on had the right configuration and were decently hardened to withstand instantaneous infestation, we would have gained so much. Reality teaches another story!

Secondly if we could convince software coders to code better with security in mind, this would help. This awareness has started but too little and too late!
Why do webmasters, for instance, still go for free themes and plug-ins with vulnerabilities galore?

When we look at the overall security situation on the Internet a large part of it should rather be closed down as being unfit for secure surfing. That is a hard thing to say, but it is the truth! A lot of users are “happy go click” folks without any awareness to pre-scan unknown links.

Only a small educated faction click inside browser with decent protection like a script blocking extension, adblocking extension (essential along common av protection now), and with a lesser chance on infections because they have their software fully patched and updated and uninstalled Java for instance when they do not need that. I guess the safehex community to stand at a mere 10% of the Internet population now.

For website security the situation is likewise abominable. Most websites spread excessive header info to the globe and malicious attackers/bots to such an extent that attackers only have to look up an exploit to grant them a successful attack and turn the decent webmaster into a malcode spreading villain. Loads of sites are vulnerable to click-jacking, SEO Spam etc. etc. See my postings :smiley: .
And then we haven’t discussed javascript obfuscated injections, conditional redirects etc., etc. Furthermore the situation was not helped by the constant downgrading of website security and encryption standards by the forces behind the ongoing total surveillance grid as we learned through recent revelations, where governments and big corporations played hand in foot for whatever reasons they should have.

I am an adept of folks like the late f.ravia (reverse engineer and later into “searchlores”), Richard Stallman and security developer and ex-hacker Giorgio Maone, the developer of NoScript extension.

The question is how to reach the security ignorants. Go with the flow and only preach to the choir.
The only places where I read about website security are on Google documentation, via snort messages also going round in a particularly small circle centered around an expert like GMane and a few more distant corners of the web.

There are a few people out there that are “propheticus in the desert”, but what has it brought for the ignorant online masses - not a mere wrinkle on the endless World Wide Interwebs. ;D .

Damian