Hello
I have a phishing page ( bank ) in htm and avast! and any other antivirus don’t detect it ( VirusTotal ).
Some avast! analist could examine ?
Thanks
Hi,
if you’re not going to post it here,make sure to PM me.
Philip,
Thanks
Well, you certainly could send it to virus AT avast dot com,
polonus
Hi,
just want to have a look at the .htm file.
The automated system will not detect
The avast! analysts have access to htm?
Hi Philp,
Go and work through it for me too to see if you find something interesting for us all to be aware of. Were the phishes reported to for instance Netcraft Anti-Phishing or tested against http://www.ptrrecord.net/dnsbl-check.php?ip= or against trunckenbrodt’s resources?
pol
Hi,
seems you don’t trust me ???
DavidR
9
Not really a trust thing not that he knows you personally, but we shouldn’t be using the forums as some sort of quasi distribution centre anyway. Samples should be sent directly to avast.
Hi,
whenever i contribute in malware analysis,i only post information for educational purposes,not that i would i care that much if i couldn’t analyse 1 page,which is obviously not confirmed to be malicious.
system
11
Do you have contact with analysts avast! ?
DavidR
12
It should be sent as suggested to virus (at) avast.
Currently the on-line contact form, http://www.avast.com/contact-form.php?loadStyles doesn’t cater for reporting Undetected malicious/phishing sites only reporting FPs on sites.
Since avast doesn’t specifically have phishing sites on the VPS only malicious/infected sites, there isn’t a specific way to report them for inclusion in the VPS for Network Shield.
Also see http://forum.avast.com/index.php?topic=82635.0, extract below.
Reporting a phishing/malicious/hacked site not detected by the Network/Web Shield/s:
Essentially it is sending an email to virus (at) avast (dot) com (no attachment as there is no physical file) outlining the issue and giving the URL in the body of the email.
The email Subject is probably more crucial as I would say it still has to be called ‘Undetected Malware’ for it to be filtered within the receipt system for action. I would go further and include ‘Network Shield’ in the subject to further define the problem and possibly attract attention. So the subject would be something like “Undetected Malware - Network Shield - Phishing/Malicious site” (whichever is applicable), without the Quotes.
Hi DavidR,
That is why I suggested that as first option. Besides I would not doubt both users in the thread as to their good intentions, else there was not a possibility they could be members of this forum, because there should be no room left here for malintent.
Whenever I scan and analyse a website it is just to aid the victim in pointing out the (potential) malcode found and also alert to software weaknesses and vulnerabilities to be tackled.
To just show this with an example. It is for instance vital to know for webmasters that they could better run PHP as cgi for certain configurations on linux as PHP is weak and vulnerable in design and is the royal hackroute into website server software… This knowledge is vital in nature and therefore I do not believe in security through obscurity - it does not last long anyway. It all comes with the intention - as a hammer can be used either to ruin or sculpt something beautiful… same is wiyh code versus malcode…
polonus
P.S.
@DavidR → From what you tell us here, we urgently need an anti-phishing shield in the avast solution. This could be the start of such a new feature!
Damian
DavidR
14
There is anti-phishing in avast, it is part of the avastUI, Settings, WebRep & Antiphishing, but there are no user settings.
system
15
Ok
I sending for virus[at]avast[dot]com with subject, Undetected Malware - Network Shield - Phishing/Malicious page.
I’ll wait …
DavidR
16
Hopefully it won’t be a long wait.
Hi Henrique - RJ,
Thank you very much for your contribution to a better protection of all avast users here.
Our overall security depends on contributions like yours.
I am certain the avast team analyzers will put your contribution to good use to enhance avast! anti-phishing!
Stay safe and secure both online and offline,
polonus
Yes, put just hxxp:\ to broke the link and it’ll be ok.