Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?

Or sign in with one of these services
Sign Up

Malware Finding and Cleaning

Hacked website with dangerous virus

User

By User
May 3, 2014 in Malware Finding and Cleaning

Share

Start new topic

Recommended Posts

User

User 13

Posted May 3, 2014

- Share

Posted May 3, 2014 (edited)

Since yesterday this website

xxx.documentopol.es (www replaced by xxx)

tricks the user to download a Adobe Flash Player update, which is a virus.

Every time you load the site a new different file is generated.

ESS does not detect it:

https://www.virustotal.com/de/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/

https://www.virustotal.com/de/file/a4eb2deeea89b7091426f183dda1ca1469ab8eeaad2a2b3cdd70b178ccfdf316/analysis/

Edited May 3, 2014 by User

Link to comment

Share on other sites

ESET Insiders

stackz

stackz 112

Posted May 3, 2014

ESET Insiders

- Share

Posted May 3, 2014

The URL needs to be unlinked.

It's serving up a PWS Fareit variant.

Link to comment

Share on other sites

Administrators

Marcos 5,072

Posted May 3, 2014

Administrators

- Share

Posted May 3, 2014

Now it's detected by 13 AV vendors: https://www.virustotal.com/en/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/1399146337.

Link to comment

Share on other sites

1 month later...

User

User 13

Posted June 19, 2014

Author

- Share

Posted June 19, 2014

Attention:

I think this site has malicious content again:

xxx.documentopol.es (www replaced by xxx)

It tricks you to download a file named FlashPlayer.exe.

Here is virutotal's analysis:

https://www.virustotal.com/en/file/1d8ef2d1f19a47d7c9fc1be6ed498d978c30ebb83b2f0b4d7d23742cb51a754e/analysis/1403187400/

Only Malwarebytes and one other AV program currently detects it as a trojan.

I think ESET should also consider to totally blacklist this site.

Link to comment

Share on other sites

Guest

This topic is now closed to further replies.

Share

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.

Quick search
Search In

Everywhere

More options...

Find results that contain...

All of my search term words

Any of my search term words

Find results in...

Content titles and body

Content titles only
FAQ

How do I report a false positive or whitelist my software with ESET?

How to submit Suspicious file to ESET Research Lab via program GUI.

How do I create a Process Monitor file?

How do I use ESET Log Collector?
Topics
- 2
  
  Scrambled installation
  
  By Guest Valentin
  Started 23 hours ago
  
  11 minutes ago, Guest
- 52
  
  ESET SSL protection produces an invalid certificate chain for NodeJS apps
  
  By Guest Cohee
  Started Thursday at 08:14 AM
  
  2 hours ago, Guest
- 0
  
  PCs displaying without FQDN name do not go to Lost & Found
  
  By Keen H
  Started 3 hours ago
  
  3 hours ago, Keen H
- 4
  
  Icon spinning forever
  
  By cvvorous
  Started Monday at 09:13 PM
  
  4 hours ago, cvvorous
- 1
  
  #CASE_00749944 - Emails with Subject line "disarmed"
  
  By Microbe
  Started 5 hours ago
  
  4 hours ago, Microbe

×

Browse
- Back
- Forums
- Staff
- Online Users
Activity
- Back
- All Activity
- My Activity Streams
  - Back
  - New content
- New content
- Leaderboard
- Search
WeLiveSecurity
Digital Security Guide
ESET Technologies
Downloads

×

Create New...