One of the qualified removal experts here asked me to look into the threat risk status of two sites.
So let us delve into this and see what we can dig up for him and the users here.
This one is flagged: https://www.virustotal.com/nl/url/e50650c891882ddb71c4dd85518920a528a73521c9b94ab1316f9d895f8610c1/analysis/1384555221/
This was certainly launching malcode in the recent past: http://urlquery.net/report.php?id=7736724
Part of the threat from there as reported is because it is flagged as “Detected a Dynamic DNS URL”
We see a IDS alert and can read on this IDS alert here: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/19175
ET POLICY External IP Lookup Attempt To Wipmania [Classification: Misc activity] [Priority: 3] {TCP}
Wipmania has been associated with DorkBot trojans.
What is closed malware on this IP and what is still active we find here: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=79.143.179.%
The other site the malware removal specialist mentioned has this known javascript malware, application/x-javascript →
http://sitecheck.sucuri.net/results/www.milversite.net/
Described here: http://labs.sucuri.net/db/malware/malware-entry-mwjsanon7?v9
The specific malcode: http://jsunpack.jeek.org/?report=4854e48ecee6279ff66c8685c282c97fc74c6e85
Suspicious iFrame: Suspicious
htxp://onlineadserv.com/st?ad_type=iframe&ad_size=160x600&site=1318894§ion_code=&pub_url=${pub_u’
Also consider these sites: http://wsowner.com/ip/80.241.220.51
The other site has external links here:
also to htxp://clkrev.com/adServe/banners? this is Yandex marked suspicious and various extensions blockk it.
Script could mis-execute in DOMNodeList.
Malcode from there seems closed now: http://support.clean-mx.de/clean-mx/viruses?id=15629598
polonus