Hi malware fighters,
Trying to open this in malzilla: htxp://www.knighthaber.com/?sayfa=sozlesme
I got immediately blocked, because of this being a malware site:
Security Risks
The site is especially dangerous when opened up with IE…
Threats found: 4
Threat Name: HTTP C6 Messenger ActiveX File Overwrite
Location: htxp://www.knighthaber.com/?sayfa=sozlesme
Threat Name: HTTP C6 Messenger ActiveX File Overwrite
Location: htxp://www.knighthaber.com/
Threat Name: HTTP C6 Messenger ActiveX File Overwrite
Location: htxp://www.knighthaber.com/?sayfa=urunler
Threat Name: HTTP C6 Messenger ActiveX File Overwrite
Location: htxp://www.knighthaber.com/?sayfa=iletisim
Virus
Threats found: 1
Threat Name: Trojan.Gen
Location: htxp://www.knighthaber.com/cupdate.exe
From the attached code image, one sees the site almost immediately redirects
after Empty source - Could not connect to site…
What is found there: Virus.JS.Downloader.Small!IK
S/Downloader.Small.(S)
This signature detects an attempt to exploit a remote file download vulnerability by sending specially crafted arguments into a method of C6 Messenger ActiveX Control.
Specifically, the vulnerability affects the ‘propDownloadUrl()’ method of the Installation URL Downloader ActiveX control identified by CLSID:
c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61
Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage,
and there are no known FPs involved here…
polonus
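
A static check for the pattern the signature description above names (the CLSID together with a call to propDownloadUrl), as an added example that is not part of the original post or of any vendor's signature. The verdict names, regexes and sample pages are constructed assumptions.

```python
import re

# CLSID and method name as given in the post; everything else is assumed.
CLSID = "c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61"
METHOD = "propDownloadUrl"

OBJECT_TAG = re.compile(r"<object\b[^>]*>", re.I)
CLASSID = re.compile(
    r"classid\s*=\s*[\"']?\s*clsid:\s*\{?" + re.escape(CLSID) + r"\}?", re.I)
ELEMENT_ID = re.compile(r"\bid\s*=\s*[\"']?([\w-]+)", re.I)
CALL = re.compile(r"([\w$]+)\s*\.\s*" + METHOD + r"\s*\(", re.I)


def scan_page(html):
    """Classify one HTML document by how it references the control."""
    ids = []
    for tag in OBJECT_TAG.findall(html):
        if CLASSID.search(tag):
            m = ELEMENT_ID.search(tag)
            ids.append(m.group(1) if m else None)
    # The CLSID may also sit in script that builds the tag at runtime.
    clsid_seen = bool(ids) or CLSID in html.lower()
    receivers = CALL.findall(html)
    if clsid_seen and receivers:
        verdict = "block"    # control referenced and download method invoked
    elif clsid_seen or receivers:
        verdict = "review"   # only one half of the pattern is present
    else:
        verdict = "clean"
    return {"verdict": verdict, "object_ids": ids, "receivers": receivers}


# Constructed sample pages (not captured from the site in the post).
SAMPLES = {
    "both": '<object id="c6" classid="clsid:{C1B7E532-3ECB-4E9E-BB3A-'
            '2951FFE67C61}"></object>'
            "<script>c6.propDownloadUrl(/* arguments omitted */);</script>",
    "tag_only": "<OBJECT classid='CLSID:c1b7e532-3ecb-4e9e-bb3a-"
                "2951ffe67c61'></OBJECT>",
    "benign": '<object classid="clsid:00000000-0000-0000-0000-'
              '000000000000"></object>',
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, scan_page(page))
```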