Only Sucuri, TrendMicro & securecast to detect JS malware here? [SOLVED]

Hi forum friends,

The answer is NO, the network shield blocks the malicious site as URL:MAL

But DrWeb’s URL checker misses it:
Checking: -http://eponim.mk/js/
Engine version: 5.0.2.3300
Total virus-finding records: 2521285
File size: 3883 bytes
File MD5: 06013f1eb9fd5a4f751d92a3d210b058

-http://eponim.mk/js/ - Ok (and it is not OK)

For example not detected here: http://wepawet.iseclab.org/view.php?hash=4cf84dda002926e718c48ebaf49ba22b&t=1314375741&type=js
Also found to be clean here: http://www.google.com/safebrowsing/diagnostic?site=eponim.mk/js/

But it was found dangerous here: http://www.urlvoid.com/scan/eponim.mk
and 1 phishing threat is being alerted here: http://safeweb.norton.com/report/show?url=eponim.mk

Sucuri results flag it:
web site: -http://eponim.mk/js/
status: Site infected with malware
web trust: Not Blacklisted
javascript malware details: http://sucuri.net/malware/malware-entry-mwanomalysp7
Injection URL for osCommerce mass compromise campaign flagged on the securecast dot co dot kr threatlist…
Also see: http://sitevet.com/db/asn/AS32613
eponim.mk also came to infect 27 sites, e.g. atherosclerosis-image-library dot at/, rd43 dot com/, todo-gafas dot com/,

polonus

VirusTotal - URL scan
http://www.virustotal.com/url-scan/report.html?id=4cf84dda002926e718c48ebaf49ba22b-1314369527

VirusTotal - HTML scan
http://www.virustotal.com/file-scan/report.html?id=153a881d9ce1b936cb2c6b3c79f381fbc54c14160cc58adc67e6271187d5649e-1314376770

Hi Pondus,

Thanks for confirming. Just to think there were 33 scripting exploits found recently on that site according to Google Safe Browsing, Norton reporting this:
-http://eponim.mk/includes/modules/firstdirect.htm (but that is no longer found there actually)

polonus

Here is a list of the now dead links on that site.
Interesting, isn’t it?

##/includes/images/
##/includes/languages/macedonian/images/buttons/button_quick_find.gif
##/tell_a_friend.php
##/privacy.php
##/privacy.php?osCsid=6a143d47efe75ff1f0de69a5af628a2a
##/function.require/
##/function.require
##/privacy.php?osCsid=7f381fc8573a10456ee68830124af0c8
##/privacy.php?osCsid=2ccb982dd319605c86626e5aef0d02e7
##/privacy.php?osCsid=2064f4bcf6bb9fb5daae629804e5ddbb
##/includes/languages/english/images/Thumbs.db/
##/privacy.php?osCsid=f615071023a8954a10edf695ebddc495
##/includes/languages/english/images/bann.gif
##/includes/languages/macedonian/images/Thumbs.db/
##/privacy.php?osCsid=d98c6ccc2da1af717be13df2a87c7485
##/images/acer1.jpg
##/includes/languages/macedonian/images/buttons/Thumbs.db/

polonus

Norman lab

##://eponim.mk/js/ - js.htm : Processed - HTML/Vobfus.G