Hey guys!
If you got time, check this url out
hxxp://www.mopays.com/archive-sitemap/
Known javascript malware. (See screenshot)
Details: http://sucuri.net/malware/malware-entry-mwjs69693
VirusTotal - 27/43
https://www.virustotal.com/file/0e752c83a2604a04f60106551978c7ca01c9cd70cb46bc2981f23329f75d5670/analysis/1328283963/
Erm…well how did you scan the link with the antiviruses in virustotal?
I’m not used to the new webpage ^^"
Under the blue button there is a “Scan url or search”,
but to scan the html…you have to download it…as it will not do that automatically like the old one did…yet
That’s just too bad
Just for fun, that \x??\x?? script decodes to an ip/php address that is blocked by the network shield.
Hi Shiw,
Getting to the file scan results from within a VT url scan is a bit more complicated now,
because we have to have the response content SHA-256 to look it up and then only when the file has been scanned previously. Then we may find the file scan results.
Here nothing is being found up: http://vscan.urlvoid.com/analysis/81410964e07d0d8655897daad49731de/YXJjaGl2ZS1zaXRlbWFw/
Given safe here as well: http://urlquery.net/report.php?id=19235
Vulnerabilities found here: WordPress internal path: -/home/mopays/public_html/wp-content/themes/newspaper/index.php vulnerable for WordPress hacks to redirect to exploit kit malware, see: http://urlquery.net/report.php?id=16643 (no longer up) in the Ipilion malware list - every index php file on the server is infected, even the index.php files in the /wp-content or /wp-content/themes/ are infected and have to be cleansed.
Description of this WP hack: http://wordpress.org/support/topic/jsagent-warnings-in-avg-nightmare-hack-in-multiple-wordpress-sites (WordPress forum poster = boeellis)
Avast flags: -http://www.mopays.com/wp-content/themes/newspaper/js/slides.min.jquery.js
as JS:Agent-PL[Trj] by the webshield.
Do not forget even after such a shield warning to scan all of your browser folder, the threat flagged for instance with Google Chrome will make you have to quarantine \User Data\Default\History Index 2012-02. Place this file in the chest after you have closed the browser. When you get a shield flag, close the browser with CTRL+Alt+Del. Do not go back on your tracks, never reload the page flagged. Then perform the full browser folder scan after opening up browser file location.
Here this flagged: http://www.google.com/safebrowsing/diagnostic?site=jobs.mopays.com
This is also something you would not like from there:
-www.mopays.com/wp-content/plugins/sharebar/js/sharebar.js?ver=3.3.1 suspicious
[suspicious:2] (ipaddr:174.37.158.201) (script) -www.mopays.com/wp-content/plugins/sharebar/js/sharebar.js?ver=3.3.1
status: (referer=-www.mopays.com/archive-sitemap/)saved 1802 bytes 99bf73bcdf0081a5b26315bad21f73d5c33b3294
info: [decodingLevel=0] found JavaScript
suspicious:
Web rep is good: http://www.webutation.net/go/review/mopays.com,
polonus
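The two checks mentioned above, decoding the \x?? escapes without running the script and taking the SHA-256 of the saved content for a VirusTotal file lookup, as a static triage script; this is an added example and not part of any post in the thread. The sample script, its address (an RFC 5737 documentation address) and all function names are constructed for illustration.

```python
import hashlib
import re

STRING_LITERAL = re.compile(r"""(["'])((?:\\.|(?!\1)[^\\\n])*)\1""")
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})")
URL_OR_IP = re.compile(
    r"https?://[^\s\"'<>]+|\b(?:\d{1,3}\.){3}\d{1,3}\b(?:/[^\s\"'<>]*)?")


def hex_escape(text):
    """Build a \\xNN-escaped literal body (used only for the constructed sample)."""
    return "".join("\\x%02X" % ord(ch) for ch in text)


# Constructed sample, not the script from the thread: a documentation address
# (RFC 5737) and a made-up path, hidden the same way behind \xNN escapes.
SAMPLE_JS = 'var _0xa=["%s","%s"];window[_0xa[1]]=_0xa[0];' % (
    hex_escape("http://192.0.2.10/in.php?s=1"), hex_escape("location"))


def decode_literals(js_source):
    """Return the decoded text of every string literal that contains hex or
    unicode escapes. The source is only read as text; nothing is evaluated."""
    decoded = []
    for match in STRING_LITERAL.finditer(js_source):
        body = match.group(2)
        if HEX_ESCAPE.search(body):
            decoded.append(HEX_ESCAPE.sub(
                lambda m: chr(int(m.group(1) or m.group(2), 16)), body))
    return decoded


def defang(indicator):
    """Make an indicator non-clickable, in the hxxp style the thread uses."""
    return indicator.replace("http", "hxxp", 1).replace(".", "[.]")


def triage(js_source):
    """Decoded literals, defanged URL/IP hits, and the SHA-256 of the content."""
    literals = decode_literals(js_source)
    hits = [defang(u) for text in literals for u in URL_OR_IP.findall(text)]
    digest = hashlib.sha256(js_source.encode("utf-8")).hexdigest()
    return {"literals": literals, "indicators": hits, "sha256": digest}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_JS).items():
        print(key, "=", value)
```

For a real lookup, hash the bytes exactly as they were downloaded rather than a re-encoded string, since any change in encoding or line endings gives a different SHA-256.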
Hi polonus,
First of all I should thank you for explaining all this to me ;D
And yup no worry, hopefully my browser was sandboxed
Hi Shiw,
Yes the sandboxed Google Chrome browser protection in combination with avast and an updated and fully patched OS and third party software (via Secunia PSI). German officials believe in this and not only they, you do also as I see,
polonus