Websites that say they are infected

I got different messages popping up when I visit kroq.com, onlypoints.com, and chang4law.com.

Is there a way to see if they are really infected? Thanks

Hi adam2551

Check these:

  1. http://www.google.com/safebrowsing/diagnostic?site=kroq.com
  2. http://www.google.com/safebrowsing/diagnostic?site=onlypoints.com
  3. http://www.google.com/safebrowsing/diagnostic?site=chang4law.com

And also see this: http://googleonlinesecurity.blogspot.com/2009/10/show-me-malware.html

nmb

Hi adam2551 and nmb,

Checked with Norton safe web scanner - kroq dot com was safe;
onlypoints dot com no threats, chang4law dot com not tested,
Wepawet on chang4law dot com reported:
Sample Overview

URL hXtp://www.chang4law.com
MD5 1057535a0aaec10289c36d774d30e667
Analysis Started 2009-10-14 10:27:51
Report Generated 2009-10-14 10:28:12
Jsand version 1.03.02
See the report for domain wXw.chang4law.com.

Detection results

Detector Result
Jsand 1.03.02 benign
Warning:

The analyzed resource contains one or more syntax errors.
This may affect the detection of malicious code.

Exploits

No exploits were identified.
Deobfuscation results

Evals

No evals.
Writes


(repeated 1 time)
Network Activity

Requests

URL Status Content Type
htXp://www.chang4law.com 200 text/html
hXtp://www.chang4law.com/mm_menu.js 200 text/javascript
Redirects

No redirects.
ActiveX controls

No objects/controls.
Shellcode and Malware

No shellcode was identified.

No additional malware was retrieved. But the malware is found here in the javascript code above:
re: http://badwarebusters.org/main/itemview/4302
Another example description of the malware can be found here: http://www.malwaredomainlist.com/forums/index.php?topic=2754.0

Analysis report for hxtp://www.onlypoints.com

Sample Overview

URL hxtp://www.onlypoints.com
MD5 c09763d98641acd9b2dc6b3cf5c13079
Analysis Started 2009-10-14 10:36:39
Report Generated 2009-10-14 10:36:46
Jsand version 1.03.02
See the report for domain wXw.onlypoints.com.

Detection results

Detector Result
Jsand 1.03.02 benign
Exploits

No exploits were identified.
Deobfuscation results

Evals

var google_protectAndRun
(repeated 2 times)
var google_handleError
(repeated 2 times)
var Goog_AdSense_getAdAdapterInstance
(repeated 2 times)
var Goog_AdSense_OsdAdapter
(repeated 2 times)
var sc_img1 = new Image();
sc_img1.src = "
hxtp://c19.statcounter.com/t.php?sc_project=2003099&resolution=1024&h=768&camefrom=&u=http
%3A//wXw.onlypoints.com&t=OnlyPoints.com%20-%20Play%20free%20flash%20multiplayer%20and%20r
anked%20games%20for%20prizes%20-%20OnlyPoints%20Games&java=1&security=8c5686a5&sc_random=0
.2501259057045536&sc_snum=1&invisible=1"
(repeated 1 time)
Writes

(repeated 1 time)

(repeated 1 time)
Network Activity

Requests

URL Status Content Type
http://wXw.onlypoints.com 200 text/javascript
http://wXw.onlypoints.com/AC_RunActiveContent.js 200 text/javascript ***
http://wXw.onlypoints.com/arcade/plugins/site/themes/default/responseXML.js 200 text/javascript
http://wXw.onlypoints.com/arcade/plugins/site/themes/default/superfriend.js 200 text/javascript
http://wXw.google-analytics.com/ga.js 200 text/javascript
hXtp://pagead2.googlesyndication.com/pagead/show_ads.js 200 text/javascript
hXtp://www.statcounter.com/counter/counter.js 200 text/javascript
Redirects

No redirects.
ActiveX controls

Msxml2.XMLHTTP
No attribute setting or method call detected
ShockwaveFlash.ShockwaveFlash.7
Name Arg0 Count
Methods GetVariable
$version
1
Shellcode and Malware

No shellcode was identified.

No additional malware was retrieved. *** This is detected by avast as AC_RunActiveContent.js. VBS:Malware-gen,

polonus

Thanks sir Pol, for the detailed results.

nmb