.

Viruses and worms
1

.

2

http://zulu.zscaler.com/submission/show/fb6b33599b4ded3d384f21c0611d4a19-1420226508
http://www.websicherheit.at/en/security-tools/web-security-test-scan-results/
https://www.virustotal.com/en/url/fd6d48cc98ad932da9c9fd3b989952d9699308adae4d54ac08f81a0e94723ead/analysis/1420226652/
http://www.urlvoid.com/scan/mdforum.ru/
http://urlquery.net/report.php?id=1420226765845
http://sitecheck.sucuri.net/results/mdforum.ru
http://urlquery.net/report.php?id=1420226824722
http://dnscheck.pingdom.com/?domain=mdforum.ru
http://dnscheck.sidn.nl/?time=1420227391&id=1788996&view=basic&test=standard
http://multirbl.valli.org/lookup/mdforum.ru.html
http://multirbl.valli.org/lookup/193.169.244.192.html

3

.

4

For ns3.mdforum.ru could not get domain’s name servers from parent servers.
Take this up with AS50673 Serverius Holding B.V., the Netherlands.
Issues here: http://www.dnsinspect.com/mdforum.ru/1420226406
Javascript Check flagged Suspicious

imgdir_misc = “hxtp://mdforum.ru/images/mdf/misc”; var vb_disable_ajax = parseint(“0”, 10); // → <script type=“text/javascript” src="clientscript/vbulletin_global…

Google Browser Diff.: Not identical

Google: 36873 bytes Firefox: 40767 bytes
Diff: 3894 bytes

First difference:
/script> img.bbcodeimage { max-width: 600px; } .wysiwyg…

Code with exceeded runtime: -mdforum.ru/clientscript/scripts/devselect/devselect.js benign
[nothing detected] (script) -mdforum.ru/clientscript/scripts/devselect/devselect.js
status: (referer=-mdforum.ru/showthread.php?t=5436)saved 10250 bytes 86d1ab43f11667b999bbd57329133449c9a65e80
info: [decodingLevel=0] found JavaScript
suspicious:

https://oauth.vk.com/authorize? has a covert redirect vulnerability!
PHP config SQL exploitable? http://www.exploit-db.com/exploits/34970/
-http://mdforum.ru/showthread.php?t=5436 is in Dr.Web malicious sites list!
IP badness history: https://www.virustotal.com/nl/ip-address/193.169.244.192/information/

polonus (volunteer website security analysy and website error-hunter)

5

.

6

I know that VK,com code is OK as it is, still it is exploitale via a SQL attack.
The OVERDUE malware that is detected at your site is Andr.Exploit.Rat → http://support.clean-mx.de/clean-mx/viruses.php?id=31224650
See:
http://support.clean-mx.de/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fmdforum.ru%2Fattachment.php%3Fattachmentid%3D35857%26amp%3Bd%3D1396752508
Whenever that is a FP, report virus@avast.com and mention this link https://forum.avast.com/index.php?action=post;topic=163923.0;last_msg=1168394
Also I do not know the reason why the good guys z Petersburgu (DrWeb’s) added your website to their list of malicious sites.
Maybe it had to do with this detection: https://www.virustotal.com/nl/file/c5c99eba741eb1c84ead856510e5e7bb721bd1da197dbf2f64e247d08e20ff9b/analysis/
Re: http://jsunpack.jeek.org/?report=aed8b06b0840a235b34c9d34a1329d50c6821f5b

polonus

7

html scan
https://www.virustotal.com/nb/file/17601739ad72eb611cf84939fabc49827e83bc3f342a17429c124cb129f6e97f/analysis/1420232045/
php scan
https://www.virustotal.com/nb/file/39d26b9a6db48b4bb01e6f1184d420d2bcf0a0c78b84a5d569b384c31befd4bc/analysis/1420232071/

you may report it here if you think it is wrong https://support.avast.com/

IP history https://www.virustotal.com/nb/ip-address/193.169.244.192/information/

8

.

9

to see why Dr.web blacklist it, test URL here http://vms.drweb.com/online/?lng=en

quttera info http://quttera.com/detailed_report/mdforum.ru

10

All trafic to external link blocked by Quttera’s -ad.admitad.com is blocked in my browser by an extension, because of spamming:
http://www.projecthoneypot.org/ip_212.224.118.36
Scam an fraud and spam site: https://www.mywot.com/en/scorecard/admitad.com?utm_source=addon&utm_content=popup

polonus

11

.

12

Malware can come through advertisements and admitad is not a trustful site when it comes to delivering adds.

If you look at the links we provided, you will see that your website has multiple issues.

13

Well Alexa states that admitad is unsafe. At least given as suspicious: http://www.scamaudit.com/domain/admitad-lounge.ru
Read: http://www.forum.optymalizacja.com/topic/152502-admitad-zostalem-oszukany-i-okradziony/
Conflicting with this report: http://www.scamvoid.com/check/admitad.com
Part of comment-spam: https://www.projecthoneypot.org/ip_46.211.249.154

polonus