Malware?

malware?? :o

hxxp://down.zonavirus.com/programas/bitdefender-internet-security/2011/bitdefender_isecurity.exe

Norton DNS block page! Thanks…

http://zulu.zscaler.com/submission/show/8a40604aecf6c4842d4da949828eb5ab-1334432633

Virustotal:

https://www.virustotal.com/file/fd46180ee50df6e7edf9ee43c3f40cf4119cc8d9811a6e2ec2ade37b3122d794/analysis/1334432452/

SHA256: fd46180ee50df6e7edf9ee43c3f40cf4119cc8d9811a6e2ec2ade37b3122d794
SHA1: 90082f53048b88065d3e24fa609581c05b0eaf36
MD5: 10077580679df1d20755b1a66b185193
File size: 1.3 MB ( 1351320 bytes )
File name: bitdefender_isecurity.exe
File type: Win32 EXE
Detection ratio: 0 / 41
Analysis date: 2012-04-14 19:40:52 UTC ( 1 minute ago )

What do you think you’re doing posting a live link to a potentially malicious executable? Change http:// to hXtp:// to avoid accidental clicks.

http://www.webutation.net/go/review/zonavirus.com
http://urlvoid.com/scan/zonavirus.com/
http://wepawet.iseclab.org/view.php?hash=283ae10839fff3e183193efde3e633eb&t=1334433446&type=js

There Will Be A Detailed Analysis Here: http://anubis.iseclab.org/?action=result&task_id=149c8c4973fce2824392896d3c52e8ac9

I checked some more and found this:
http://www.browserdefender.com/site/zonavirus.com/

So I decided to check the source code.

I believe the browserdefender’s exploit block is due to the link to satinfo. See:
http://urlvoid.com/scan/satinfo.es/

Norton says Drive-By Exploit but Sucuri doesn’t find.
http://safeweb.norton.com/report/show?url=zonavirus.com
http://sitecheck.sucuri.net/results/zonavirus.com

You can try sending the executable to avast! to see what they think of it.

First seen by VirusTotal
2010-12-07 01:39:19 UTC ( 1 år, 4 måneder ago )

Sigcheck
signers…: BitDefender SRL
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date…: 3:19 PM 9/9/2010

Not malware. :wink:

Malware was given for that IP 212.34.128.10 but it has been closed since 2012-02-11 04:47:43,
where it came accompanied by TR/Dldr.IstBar.gx; it was being detected by avast.
The only one that flagged the URL was TrendMicro, and the file analysis was detected as WS.Reputation.1 by Symantec,
which is a generic web rep flag, so I would say possibly a FP.
Anubis analysis: http://anubis.iseclab.org/?action=result&task_id=124c4bd9f848b3a94892e2f32d8428fee
See: http://www.backgroundtask.eu/Systeemtaken/taakinfo/52684/bitdefender_isecurity.exe/A1A24D436A87F0209BA2D5AA52428913/

polonus

thanks false positive norton! :smiley: