Oracle Java Web Start Plugin Command Line Argument Injection, CVE-2010-0886

Site not safe: http://trafficlight.bitdefender.com/info?url=http://rebotstat.com/botstat/stat.php
Found obfuscated script on this site: http://urlquery.net/report.php?id=3490
See VT results: http://www.virustotal.com/url-scan/report.html?id=8a1627369c2388ba416482b433d67edd-1317044749
See VT results: http://www.virustotal.com/file-scan/report.html?id=d5090d5510baadde012135a0f9661977799519335f9ff2f7011531d5e965452f-1317051952

polonus

The VirusTotal scan you posted is a month old… 26/9-2011

http://www.metascan-online.com/results.cgi?uid=45qpua6396kwf0xornqpueqn93wypoy7

Hi Pondus,

So you mean that this was a Norman FP? I did a URL scan, the urlquery.net results are actual and recent, and the vulnerability was not repaired. The iFrame malware could have been cleansed, should have to repeat the scan at wepawet, and so I did and then I get: http://wepawet.iseclab.org/view.php?hash=999a02ff9f4ea1bbc2fc5495622efb66&t=1318844981&type=js (see the iFrame there - suspicious as I searched - Bitdefender TrafficLight blocks this address):
-http://www.google.pl/url?sa=t&source=web&cd=1&ved=0CBsQFjAA&url=http%3A%2F%2Fm-e.crossfitharlem.net%2F&rct=j&q=m-e.crossfitharlem.net&ei=nfqbTsfgBMibOqvOoYkK&usg=AFQjCNGpSeZDwqayejiZejCD2-WAG3hrJQ&sig2=0wG3n-v7XLDl_mw7fxslYw&cad=rja

So still there, or cleansed : not analyzed] m-e.crossfitharlem.net/z/st1
status: (referer=www.google.com/trends/hottrends)failure: HTTP Error 404: NOT FOUND

pol

So you mean that this was a Norman FP,
No, I think they have cleaned it....

and if VirusTotal had worked today we could have scanned the url…

Hi Pondus,

Well I think the vulnerability may still be there if not fixed by the vendor or the software being updated, but the iFrame redirect rather was taken down. Good we asked attention for this issue, ;D

polonus

Finally managed to get a new VT scan

URL: http://www.virustotal.com/url-scan/report.html?id=999a02ff9f4ea1bbc2fc5495622efb66-1318837420

HTML: http://www.virustotal.com/file-scan/report.html?id=1fe93248f9ce9fc3c486aecd5f86c1efb894bf1e03a976bbe07e744006203e9a-1318846255

Hi Pondus,

Thanks,

pol