The Story of a Blocked URL

system · November 26, 2010, 5:00pm

This URL (server in China):

http://www.digiall.cn

was blocked by Avast for the first time during Google search due to the following pop-up generating script:

http://www.digiall.cn/jjs/pop.js

Anubis Analysis of the above URL:

The Analysis shows that this Chineese site generates language pack installation pop-ups:

[b]“Language pack installation”

“To display cheracters correctly you need to install the following language pack: Chinese Simplified”[/b]

Is this URL really dangerous ? Other URL analyses do not show anything dangerous:

Any help is appreciated.

Thanks. :

Yanto.Chiang · November 26, 2010, 10:42pm

Hi,

According to URLvoid your referenced website was clean : http://www.urlvoid.com/scan/digiall.cn

I think this website was not infected but the particular problem there is syntax error using javascript :

[nothing detected] www.digiall.cn/
status: (referer=www.google.com/trends/hottrends)saved 32261 bytes 689059a4ff543f20c7e8e0fc54e692fb6bf751e9
info: [img] www.digiall.cn/myimage/logo.jpg
info: [img] www.digiall.cn/myimage/dot.gif
info: [img] www.digiall.cn/myimage/small2.gif
info: [img] www.digiall.cn/myimage/dc-001.jpg
info: [img] www.digiall.cn/myimage/dc-002.jpg
info: [img] www.digiall.cn/myimage/dc-003.jpg
info: [img] www.digiall.cn/myimage/mp3-001.jpg
info: [img] www.digiall.cn/myimage/mp3-002.jpg
info: [img] www.digiall.cn/myimage/mp3-003.jpg
info: [decodingLevel=0] found JavaScript
error: line:4: SyntaxError: missing ] after element list:
error: line:4: m y m o n t h + " \ x d 4 \ x c 2 " + m y d a y + " \ x c 8 \ x d 5 " + w e e k d a y ) ; \ r \ n \ t \ t \ t ’ ]
error: line:4: ^

So if you really need to access this website, you may excluded it from avast web shield scanning to avoid URL blocked by avast.

cheers,

Announcements