Site blacklisted but has it malware?

See: http://siteinspector.comodo.com/public/reports/show_log?id=23097
See: http://urlquery.net/report.php?id=13016
See: http://vscan.urlvoid.com/analysis/6617b2d01ef7f928c5c03612030b5a99/cGF0Y2gtZXhl/
See: http://www.virustotal.com/file-scan/report.html?id=d3e26c62d5672f3466b62ab897a233fcddfe42b1ebacdcf9572683fdbae46be5-1324492435
See: http://www.webutation.net/go/review/funad.co.kr

polonus

Activity resembles that of sonebot malware…

The DrWeb URL link scan:
Checking: -http://www.funad.co.kr/ipop2/patch.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2955823
File size: 323.57 KB
File MD5: 6617b2d01ef7f928c5c03612030b5a99

-http://www.funad.co.kr/ipop2/patch.exe - archive BINARYRES

-http://www.funad.co.kr/ipop2/patch.exe/data002 - archive INNO SETUP

-http://www.funad.co.kr/ipop2/patch.exe/data002/Script0.bin - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/Script1.bin - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/Install_Script.iss - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/0.object - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/1.object - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/Embedded_Setup.exe - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/{app}\popsi.exe - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002 - Ok
-http://www.funad.co.kr/ipop2/patch.exe - Ok
For popsi.exe see:
http://www.threatexpert.com/report.aspx?md5=fbd44adca037e7089596ed722f972531

D

Site blacklisted but has it malware too big to scan?
File size: 323.57 KB ???

First seen: 2011-10-31 02:20:03
Last seen : 2011-12-21 18:33:55

Two months old and only a suspicious from Norton?

Hi Pondus,

Well, that was after a hiccup with VT that came up with that message and again timed out on me tonight. Hopeless service, but I use their URL scan. Why jotti does not have a URL scan? Even garyshood’s scanner scans URLs.
From time to time the overload there is giving me a pain in the neck. I have altered the topic name accordingly. What is that popsi.exe? Is this malware or just, as you say, only a general detection flagged by Symantec? Can you verify?

Damian

Why jotti does not have a URL scan?
You could send a request? Would be nice with an alternative to VT.

Hi Pondus,

Have mailed their team if they would consider opening up such a service in the foreseeable future. Let us now wait for their reply.

polonus