Tonanet
November 21, 2012, 11:28am
1
Hello,
The link:
hxxp://concursosnobrasil.com.br/concurso-publico/unirio
is being detected as JS:Blacole-CY [Expl]
However, everything seems to be OK when checking with Sucuri:
http://sitecheck.sucuri.net/results/concursosnobrasil.com.br/concurso-publico/unirio
Maybe it's a false positive?
Thanks for your time!
Elminster
Milos
November 21, 2012, 11:31am
2
Hello,
I don’t see any detection. Post the screenshot of avast!'s alert window, please.
Milos
polonus
November 21, 2012, 11:33am
3
Pondus
November 21, 2012, 11:35am
4
polonus
November 21, 2012, 11:39am
5
Hi Pondus,
That alert is for another IP 173.194.69.156, the site mitigated to another IP without these IDS alerts,
polonus
Tonanet
November 21, 2012, 11:43am
6
Hello!
Thanks for your reply.
Actually, it didn't happen on my computer (so I can't make a screenshot), but on a computer that is reporting to my avast account.
The full information displayed is:
20.11.2012 13:05 WebShield http://concursosnobrasil.com.br/concurso-publico/unirio/| >{gzip} JS:Blacole-CY [Expl]
Maybe it was a false positive yesterday that was fixed today?
Or the site was indeed infected, but has been fixed by now?
Thanks for your time!
Elminster
Milos
November 21, 2012, 2:01pm
7
No, nothing was fixed on our side, the detection is still in VPS.
Milos
Tonanet
November 21, 2012, 4:01pm
8
Hello!
So probably the site was infected when the mom of my wife visited it, and some hours later, when I was checking it, the site owners had already fixed it.
Thanks for your time!
Elminster
Tonanet
November 21, 2012, 4:19pm
9
Hello!
The site seems to be infected again.
Now avast alerted again, just now, for this same exploit, but on the laptop (the first time was on a PC).
Now the person tried to access it from the laptop and got the alert.
I rescanned with sucuri.net and now it says that it is infected:
http://sitecheck.sucuri.net/results/concursosnobrasil.com.br/concurso-publico/unirio
Thanks!
Elminster
Pondus
November 21, 2012, 4:44pm
10