Another one here, Trojan:JS/BlacoleRef.W missed: htxp://zulu.zscaler.com/submission/show/f58b27f17b497ce2c367cb12a7694ff5-1338582640
see VT results → htxps://www.virustotal.com/file/38addb00e677ec62da4d04da6344107aeaa00ba204ab3f02d9806d3e0284e85d/analysis/
see: htxp://urlquery.net/report.php?id=62312 mdl_Leads to exploit kit detected 2012-06-01 13:22:00 live malware,
which avast should normally detect as HTML:RedirME-inf [Trj]
Detected BlackHole exploit kit HTTP GET request
Detected malicious injected iframe → iframe src='htxp://mazdaforumi.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c
(the one we reported in the previous posting)
We see this is an ongoing problem through a malware campaign (5 hrs ago, 6 hrs ago) when we search for: htxp://www.google.nl/search?sugexp=chrome,mod=9&ix=h9&sourceid=chrome&ie=UTF-8&q=iframe+src%3D’http%3A%2F%2Fmazdaforumi.ru%3A8080%2Fforum%2Fshowthread.php%3Fpage%3D5fa58bce769e5c2c
Another Trojan:JS/BlacoleRef.W, not detected, htxps://www.virustotal.com/file/07ca7776a566cc872c2fd0602da135072e780a10b062175e00c2710f3f63a365/analysis/
from: htxp://zulu.zscaler.com/submission/show/af5d670395a65113f12e98337f95bb64-1338587387
see: htxp://urlquery.net/queued.php?id=62630
Well then they are running a new campaign with this again. So old wine in new sacks, so to say. Thanks for your evaluation.
I just report what I see happening while scanning and when I cannot get a avast detection, I immediately report back to the avast base,
well analysts. I think you are developing a very good “feel” for the various varieties of malcoded scripts out there,
as it is inspiring for both of us,
Hacktool or backdoor not detected by avast: htxp://zulu.zscaler.com/submission/show/61e0aaa070b0a7ac40098af1a3a433f0-1338986102
and VT results: htxps://www.virustotal.com/file/80725340b7830288dfe4969eb070a542516a040efc2c1e6473b6051d086f46ab/analysis/
reported to virus AT avast dot com,
