See: Trojans detected:
Object: htxp://3gool.blogspot.ca/2011
SHA1: 832bb2cf5a5c7791030a3c8df37f4cc84adb0b26
Name: TrojWare.JS.TrojanClicker.FbLiker.A
To prove the above thesis.
Domain Doctor report:
T+0.00s Diagnosis started at 2014-09-15 19:05:06 GMT
T+0.00s Domain name format appears valid
T+0.00s Beginning DNS trace for 3GOOL.BLOGSPOT.CA, starting at the root
T+0.13s Querying DNS server A.ROOT-SERVERS.NET for NS records for CA
T+0.13s Got 7 servers for CA
T+0.13s Nameservers for CA are as follows:
ANY.CA-SERVERS.CA
C.CA-SERVERS.CA
E.CA-SERVERS.CA
J.CA-SERVERS.CA
K.CA-SERVERS.CA
L.CA-SERVERS.CA
TLD.ISC-SNS.NET
T+0.20s Querying DNS server ANY.CA-SERVERS.CA for NS records for BLOGSPOT.CA
T+0.30s Got 4 servers for BLOGSPOT.CA
T+0.30s Nameservers for BLOGSPOT.CA are as follows:
This detection is well established and quite some scanners flag this. That is not my point here, but I like to point out that most website security scanners do not mention the information I provided above. This is not taken into account like a DNS error report and a domain status report like parked/expired/Ghosted etc. Sucuri does not provide this info, VT does not either as far as I am aware, and just like the jsunpack info and the asafaweb scan error and warning info for ASP, it makes establishing the status of a site’s malcode a lot easier. There are a score of other factors I won’t enter into. That is why website security should be performed by a team of experts for each aspect of that website’s technology. A lone tester often makes lousy reports; a bundler of reports does a far better job. Domain info as I see it is in the public domain, so as with the afraid dot org issues that avast! blocks should be explained.
Mind that some information cannot be given because the scanners do not allow the scan results to be made public or be used against the website (e.g. Qualys & Dazzlepod scan results). There are cases where port scanning led to blocking whole provider’s IP ranges. Especially American web-admins are known “to use big ammo for a probably quite innocent gnat” :o. This is also because of the weak legal user position in some countries. Outside certain specific granted environments the position of the researcher may sometimes be problematic, but not accessing the site in question itself helps.
Some always find a solution for an existing problem. I give this info therefore “as is”. ;D
Just like to-day when I visited a hairdresser’s asking customers not to listen to any radio there. Listening to the radio was just meant for the shop-owner and her assistants, so they could listen without having to pay royalties for playing music in public. Clever, isn’t it?