Phishing page

system · May 11, 2013, 9:36pm

Hello

I have a phishing page ( bank ) in htm and avast! and any other antivirus don’t detect it ( VirusTotal ).

Some avast! analist could examine ?

Thanks

Left123 · May 11, 2013, 9:37pm

Hi,
if you’re not going to post it here,make sure to PM me.
Philip,
Thanks

system · May 11, 2013, 9:42pm

What will you do ?

polonus · May 11, 2013, 9:43pm

Well, you certainly could send it to virus AT avast dot com,

polonus

Left123 · May 11, 2013, 9:45pm

Hi,
just want to have a look at the .htm file.

system · May 11, 2013, 9:48pm

The automated system will not detect

The avast! analysts have access to htm?

polonus · May 11, 2013, 9:52pm

Hi Philp,

Go and work through it for me too to see if you find something interesting for us all to be aware of. Were the phishes reported to for instance Netcraft Anti-Phishing or tested against http://www.ptrrecord.net/dnsbl-check.php?ip= or against trunckenbrodt’s resources?

pol

Left123 · May 11, 2013, 10:04pm

Hi,
seems you don’t trust me ???

DavidR · May 11, 2013, 10:09pm

Not really a trust thing not that he knows you personally, but we shouldn’t be using the forums as some sort of quasi distribution centre anyway. Samples should be sent directly to avast.

Left123 · May 11, 2013, 10:13pm

Hi,
whenever i contribute in malware analysis,i only post information for educational purposes,not that i would i care that much if i couldn’t analyse 1 page,which is obviously not confirmed to be malicious.

system · May 11, 2013, 10:17pm

Do you have contact with analysts avast! ?

DavidR · May 11, 2013, 10:26pm

It should be sent as suggested to virus (at) avast.

Currently the on-line contact form, http://www.avast.com/contact-form.php?loadStyles doesn’t cater for reporting Undetected malicious/phishing sites only reporting FPs on sites.

Since avast doesn’t specifically have phishing sites on the VPS only malicious/infected sites, there isn’t a specific way to report them for inclusion in the VPS for Network Shield.

Also see http://forum.avast.com/index.php?topic=82635.0, extract below.
Reporting a phishing/malicious/hacked site not detected by the Network/Web Shield/s:
Essentially it is sending an email to virus (at) avast (dot) com (no attachment as there is no physical file) outlining the issue and giving the URL in the body of the email.

The email Subject is probably more crucial as I would say it still has to be called ‘Undetected Malware’ for it to be filtered within the receipt system for action. I would go further and include ‘Network Shield’ in the subject to further define the problem and possibly attract attention. So the subject would be something like “Undetected Malware - Network Shield - Phishing/Malicious site” (whichever is applicable), without the Quotes.

polonus · May 11, 2013, 10:28pm

Hi DavidR,

That is why I suggested that as first option. Besides I would not doubt both users in the thread as to their good intentions, else there was not a possibility they could be members of this forum, because there should be no room left here for malintent.
Whenever I scan and analyse a website it is just to aid the victim in pointing out the (potential) malcode found and also alert to software weaknesses and vulnerabilities to be tackled.
To just show this with an example. It is for instance vital to know for webmasters that they could better run PHP as cgi for certain configurations on linux as PHP is weak and vulnerable in design and is the royal hackroute into website server software… This knowledge is vital in nature and therefore I do not believe in security through obscurity - it does not last long anyway. It all comes with the intention - as a hammer can be used either to ruin or sculpt something beautiful… same is wiyh code versus malcode…

polonus

P.S.
@DavidR → From what you tell us here, we urgently need an anti-phishing shield in the avast solution. This could be the start of such a new feature!

Damian

DavidR · May 11, 2013, 10:37pm

There is anti-phishing in avast, it is part of the avastUI, Settings, WebRep & Antiphishing, but there are no user settings.

system · May 11, 2013, 10:39pm

DavidR post:12:

It should be sent as suggested to virus (at) avast.

Currently the on-line contact form, http://www.avast.com/contact-form.php?loadStyles doesn’t cater for reporting Undetected malicious/phishing sites only reporting FPs on sites.

Since avast doesn’t specifically have phishing sites on the VPS only malicious/infected sites, there isn’t a specific way to report them for inclusion in the VPS for Network Shield.

Also see http://forum.avast.com/index.php?topic=82635.0, extract below.
Reporting a phishing/malicious/hacked site not detected by the Network/Web Shield/s:
Essentially it is sending an email to virus (at) avast (dot) com (no attachment as there is no physical file) outlining the issue and giving the URL in the body of the email.

The email Subject is probably more crucial as I would say it still has to be called ‘Undetected Malware’ for it to be filtered within the receipt system for action. I would go further and include ‘Network Shield’ in the subject to further define the problem and possibly attract attention. So the subject would be something like “Undetected Malware - Network Shield - Phishing/Malicious site” (whichever is applicable), without the Quotes.

Ok

I sending for virus[at]avast[dot]com with subject, Undetected Malware - Network Shield - Phishing/Malicious page.

I’ll wait …

DavidR · May 11, 2013, 10:40pm

Hopefully it won’t be a long wait.

system · May 11, 2013, 10:45pm

That the problem …

polonus · May 11, 2013, 10:48pm

Hi Henrique - RJ,

Thank you very much for your contribution to a better protection of all avast users here.
Our overall security depends on contributions like yours.
I am certain the avast team analyzers will put your contribution to good use to enhance avast! anti-phishing!
Stay safe and secure both online and offline,

polonus

Lisandro · May 13, 2013, 12:30am

Yes, put just hxxp:\ to broke the link and it’ll be ok.

Phishing page

It should be sent as suggested to virus (at) avast.

Announcements