www.pajacyk.pl

system · February 22, 2009, 6:58pm

i enter this site (i have this site on home site) and i see: virus

DavidR · February 22, 2009, 7:17pm

There is a very large block of script at the bottom of the page source for wXw.pajacyk.pl. just before the closing Body tag, this is outside any of the other page formatting tags, etc.

This looks suspicious because of its location and also that the scripting itself appears to be obfuscated (disguised). The script tag also doesn’t state what type of script it is, e.g. what script language, this doesn’t conform with HTML standards, which the other scripts on this page do. Given that what this script also tries to hid what it is doing, unlike the other scripts on the page, so to me this is suspicious.

So this page might have been hacked and this code inserted.

I take it that this is the alert that you got, see image.

polonus · February 22, 2009, 10:08pm

Hi piwko,

Could well be but here I give you more recent results:

Exploit Prevention Lab’s LinkScanner: Congratulations! LinkScanner Online did not find any exploits.
////////////////////////////////////////////////////////////
DrWeb’s av link checker:
Checking: hxxp://www.pajacyk.pl
Engine version: 5.0.0.12182
File size: 8593 bytes

hxxp://www.pajacyk.pl - archive HTML

hxxp://www.pajacyk.pl/Script.0 - Ok
hxxp://www.pajacyk.pl/Script.1 - Ok
hxxp://www.pajacyk.pl/Script.2 - Ok
hxxp://www.pajacyk.pl/Script.3 - Ok
hxxp://www.pajacyk.pl/Script.4 - Ok
hxp://www.pajacyk.pl/Script.5 - Ok
hxxp://www.pajacyk.pl/Script.6 - Ok
hxxp://www.pajacyk.pl - Ok

Checking: hxxp://www.pajacyk.pl/js/swfobject.js
File size: 6351 bytes

hxxp://www.pajacyk.pl/js/swfobject.js - Ok

Checking: hxxp://idm.hit.gemius.pl/pp_gemius.js
File size: 4883 bytes

hxxp://idm.hit.gemius.pl/pp_gemius.js - Ok

Checking: hxxtp://www.pajacyk.pl/js/funkcje.js
File size: 1231 bytes

hxxp://www.pajacyk.pl/js/funkcje.js - Ok
////////////////////////////////////////////////////////////////////
Norton Safe Web:
hxxp://safeweb.norton.com/report/show?url=www.pajacyk.pl&x=4&y=9
/////////////////////////////////////////////////////////////////////////////////
And also finjan, WOT, McAfee SiteAdvisor and Scandoo,

polonus

system · February 22, 2009, 10:40pm

Pretty confident this is a malware. It’s everywhere :-\ We’ve seen about 1500 infected unique domains (more than 900 from Poland).

polonus · February 22, 2009, 10:50pm

Hi kubecj,

Not gonna argue with you there, that avast shield is pretty good, glad as an avast user and avast evangelist to have it.
Anyway as these kind of infections is the main infection vector now, visiting websites that are injected with something malicious or re-directing to it can be dangerous, especially so as we cannot rely on the average link scanners all the time, so thanks for your confirmation, better safe than sorry!
These detections gonna be a grand additional benefit for the users of the avast av solution,

polonus

Lisandro · February 22, 2009, 10:53pm

Polonus, nowadays, Dr. Web and link scanners are far far far behind avast on detection…

system · February 22, 2009, 10:54pm

Most funny (or tragic) is that the domains are the same, just the malware changes. The admins are completely unaware and if they eventually ‘fix’ it, it usually mean re-uploading, and then re-infecting.

www.pajacyk.pl

Announcements