Hello, Avast is reporting JS:Pdfka-gen [Expl] on a PDF from this website by the CIA: https://www.cia.gov/library/readingroom/document/cia-rdp80-00926a003400040002-0
Does it mean CIA is attaching viruses?
Yes, there is a pdf.doc on the page that triggers Avast.
Hi tresder,
Thank you for that VT result, Pondus.
Interesting is also this SSL Certificate info on the IP of that uri: https://www.threatminer.org/ssls.php?q=gibraltar&t=19
See particularly: https://www.threatminer.org/host.php?q=23.196.166.10
See the analysis here: -https://aw-snap.info/file-viewer/?protocol=secure&tgt=www.cia.gov%2Flibrary%2Freadingroom%2Fdocument%2Fcia-rdp80-00926a003400040002-0&ref_sel=GSP2&ua_sel=ff&fs=1 (I blocked for the unaware).
See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.cia.gov%2Flibrary%2Freadingroom%2Fdocument%2Fcia-rdp80-00926a003400040002-0+
65 HTTP transactions. Of those, 65 were secure (100 %) and 100% were IPv6.
The main IP is 2600:1400:a:18a::184d, located in United States and belongs to AKAMAI-ASN1.
Re: https://urlscan.io/result/1c7bd14e-089a-4dfa-9dc9-2dbe47f48dbb#summary
See the Google/Symantec Certificate: http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.cia.gov%2Flibrary%2Freadingroom%2Fdocument%2Fcia-rdp80-00926a003400040002-0+
And I get a warning for root installed on the server and that is not ‘best practices’ for one.
Link to -23.203.80.115 has been moved permanently.
I cannot get an alert here: https://www.virustotal.com/pl/url/b8733c1e3fc3b4a5a18bbb5d4302d34d94db430df65bff638c37ec2c07a961e7/analysis/1490651694/
It is a foreign language instructor site document, but I do not see alerts for it, but it could be banner adware flagged!
It is on an Akamai Accelerator mirrored DNS service.
Re: http://zulu.zscaler.com/submission/show/2507c5015a4136442ee3519c6a4840ab-1490651926
So far only Avast flags it, and that is one hour ago, so we have to wait to see whether this is not a FP.
If real it is Adobe abuse transported via/on Akamai…
polonus
Hello.
This is a false positive. I submitted this file last week and it has been fixed only in the most current version. If you are using an older version of Avast the file is detected, as the most recent scan shows.
A new VPS has been released and detection is fixed in all versions of Avast.