When I attempted to visit the web site of the World Uyghur Congress a few moments ago, Avast! generated a pop-up window indicating that it had blocked the download of a virus. It would not be surprising if this site were hacked maliciously as an Australian film festival web site was also reported hacked this morning by a protester in China unhappy that the festival is planning to show a documentary film on an exiled Uyghur leader.
Here are the details I encountered:
Virus identified: JS-CVE-2009-1136-A[Expl] (which is an Exploit)
I would appreciate it if others more expert than me could confirm that this site is contaminated, and obtain any further useful information. Many thanks.
First, please could you modify the URL to make it inactive (i.e. change www to wXw) to prevent others potentially becoming infected.
Second, this seems to be an injected script that links to an infected JavaScript file at the site mentioned.
It is within the html and body tags, so it is unclear whether it was originally supposed to be there (first image).
The contents of the js file are suspicious, as there is a very long piece of what looks like obfuscated code (second image).
The main point is that this is a genuine detection and is something that needs investigating.
Although avast didn’t alert on visiting the link to the home.asp page, at the bottom of the home page is a script tag (see image) that tries to run a JavaScript document from another site, the file you mentioned. So this script tag could have been inserted maliciously.
I tried to get a copy of the document.js file but it is 0KB in file size; this may have been why avast doesn’t alert, as there ‘currently’ is no content in that file. That could change at any time, and the real problem would be why the script tag has been inserted in the first place.
And this is at the crux of the malcode, because:
Description: Anehta is a PHP/Javascript based platform to make cross site scripting and other web attacks easier, via a specific “attack API”.
Author: axis
Homepage: hXtp://code.google.com/p/anehta/
File Size: 5596731
Last Modified: Nov 25 17:46:32 2008
MD5 Checksum: 5316c6cb785caef595c58e80a97f4ce8
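
The check discussed in the thread above (a script tag at the bottom of the home page that loads a file from another site) can be automated by listing every script source whose host is neither the page's own nor on an allowlist, regardless of what the remote file currently contains. This is an added example, not part of the original thread; the hostnames, the sample HTML and the names `ScriptAudit` and `foreign_scripts` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptAudit(HTMLParser):
    """Record the line number and absolute URL of every <script src=...>."""
    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.scripts = []  # list of (line, absolute_src)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches too.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                absolute = urljoin(self.page_url, src.strip())
                self.scripts.append((self.getpos()[0], absolute))

def foreign_scripts(html, page_url, allowed_hosts=()):
    """Return script tags whose host is not the page host or an allowed host."""
    trusted = {urlsplit(page_url).hostname, *(h.lower() for h in allowed_hosts)}
    audit = ScriptAudit(page_url)
    audit.feed(html)
    findings = []
    for line, src in audit.scripts:
        host = urlsplit(src).hostname  # None for data: or malformed URLs
        if host not in trusted:
            findings.append({"line": line, "src": src, "host": host})
    return findings

# Constructed sample: a home page with one local script, one known CDN script,
# and one script tag appended before </body> that points at an unrelated host.
SAMPLE_PAGE_URL = "http://www.example.org/home.asp"
SAMPLE_HTML = """<html>
<head>
<script src="/js/menu.js"></script>
<script src="//cdn.example.com/lib.js"></script>
</head>
<body>
<p>Welcome</p>
<SCRIPT SRC="http://scripts.example.net/document.js"></SCRIPT>
</body>
</html>
"""

if __name__ == "__main__":
    for f in foreign_scripts(SAMPLE_HTML, SAMPLE_PAGE_URL, ["cdn.example.com"]):
        print(f"line {f['line']}: unexpected script host {f['host']} -> {f['src']}")
```

Running this against a known-good copy of a page and diffing the findings over time shows when a new script host appears, even while the referenced file is still empty.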