MBP#1
Nov 15th, 2014
---------------------------------------------------------------------------------------------------
Previous:

https ://archive .org/details /atomicnucleus032805mbp
linked by ManBearPig @ http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588156
2/61 detections via https://www.virustotal.com/en/url/e5963b3d2e8f5242d43fb74af049a822d9cf7a6dee9c7e8642c08fdb63337d80/analysis/1416048420/
Quote: "Blueliv Malicious site
Malware Domain Blocklist Malicious site"
---------------------------------------------------------------------------------------------------

Do bear in mind that none of this should be considered "actionable" until confirmed.
No sense going off half-Vox'ed. :lol

Here's an update on the last candidate link, which only scored as a "Malicious site" on 2/61 URL scanners:
http://quttera.com/detailed_report/archive.org
Quote from "Blacklisting status" --> "Quttera Labs - domain is Malicious. more info"
That site is long on blacklists, but damn short on details. (Inconclusive)


Here is another candidate (with spaces for sanity's sake):
http ://www.uefap .com /reading /exercise /ess3 /gamow .htm

posted: http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588284

Analysis: https://www.virustotal.com/en/url/d2e8d4d5534b9d4ddc16c0599f426eb971bb2af3ea84de6e05da8a68fbf138fc/analysis/1416050535/
That registers 1/61 detections as a "Malware Site".

http://sitecheck.sucuri.net/results/www.uefap.com

Quote: "Website: www.uefap.com
Status: Site Potentially Harmful. Immediate Action is Required.
Web Trust: Blacklisted (10 Blacklists Checked): Indicates that a major security company (such as Google, McAfee, Norton, etc.) is blocking access to your website for security reasons. Please see our recommendation below to fix this issue and restore your traffic."
...
"Site Likely Compromised"..."Outdated Web Server Apache Found: Apache/2.2.3"
...
"Domain blacklisted By Yandex (via Sophos): uefap.com - reference"

Reference: http://www.yandex.com/infected?url=uefap.com&l10n=en
Quote: "Yandex has detected malware on this site that may harm your computer or gain access to your personal information."

Interesting that only a Russian site puts up red flags.
Translated Quote: "Yandex periodically checks the page. The last check (less than a week ago) showed that malicious code had been placed on the site. This can happen at the site owner's wish or without their knowledge, as a result of malicious actions. If the code is not detected at the next check, Yandex will stop marking the site as dangerous in search results."
...
"Malware: contains Troj/JSRedir-NG (data provided by Sophos)."
https://nakedsecurity.sophos.com/2009/12/23/gnu-gpl-malware-trojjsredirak/
Title: "GNU GPL malware?: Troj/JSRedir-AK" ... "by SophosLabs on December 23, 2009"

Dud here: Note the differing suffixes.

Quote: "The next few lines of code do the redirection to a webpage in Russia with the following legitimate strings in its URL:

google-com-ar
google.ch
google.com
mininova.org
cams.com
ip138-com

I suspect that this code is part of a larger hack and if you find this code on your website please send us samples of other recently modified files."

Dud here: There might be your Russian web traffic.

see http://en.wikipedia.org/wiki/Gumblar

Quote: "Gumblar is a malicious JavaScript trojan horse file that redirects a user's Google searches, and then installs rogue security software. Also known as Troj/JSRedir-R, this botnet first appeared in 2009."
...
"Gumblar.X infections were widely seen on systems running older Windows operating systems.[2] Visitors to an infected site will be redirected to an alternative site containing further malware. Initially, this alternative site was gumblar.cn, but it has since switched to a variety of domains. The site sends the visitor an infected PDF that is opened by the visitor's browser or Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer. Newer variations of Gumblar redirect users to sites running fake anti-virus software."

Dud here: There is your fake security software via a malicious PDF.

Quote: "See also: Malware, E-mail spam, Internet crime"
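---------------------------------------------------------------------------------------------------
Added example (not part of the paste above): the candidate links are written "with spaces for sanity's sake" so nobody clicks them by accident. The script below turns that spaced-out form back into a real URL when you want to feed it to a scanner, and renders a URL in the more common hxxp / [.] defanged style for sharing. The two sample strings are copied from this paste; the function names and the defang style are my own choices, not anything the scanners named above require.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the two candidate links exactly as spaced in the paste.
SPACED_LINKS = [
    "https ://archive .org/details /atomicnucleus032805mbp",
    "http ://www.uefap .com /reading /exercise /ess3 /gamow .htm",
]


def refang(text: str) -> str:
    """Turn a deliberately broken URL back into a clickable one.

    Handles three conventions: the space-before-punctuation style used in
    this paste ("archive .org", "details /x", "https ://"), the hxxp scheme,
    and bracketed separators such as "[.]" and "[:]".
    """
    s = text.strip()
    # Drop whitespace that sits directly before "://", "." or "/".
    s = re.sub(r"\s+(?=(://|\.|/))", "", s)
    # hxxp -> http, hxxps -> https (scheme only).
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("[:]", ":")


def defang(url: str) -> str:
    """Render a URL non-clickable: hxxp scheme, "[:]" after it, "[.]" in the host.

    Only the host is bracketed; path, query and fragment are left readable so
    an analyst can still see what the link points at.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")  # http -> hxxp, https -> hxxps
    host = parts.netloc.replace(".", "[.]")
    rest = parts.path
    if parts.query:
        rest += "?" + parts.query
    if parts.fragment:
        rest += "#" + parts.fragment
    return f"{scheme}[:]//{host}{rest}"


def hostname(url: str) -> str:
    """Host part of a (refanged) URL, which is what the domain blocklists key on."""
    return urlsplit(url).hostname or ""


def triage_rows(spaced_links):
    """For each spaced link: (clean URL, host for blocklist lookup, shareable defanged form)."""
    rows = []
    for spaced in spaced_links:
        clean = refang(spaced)
        rows.append((clean, hostname(clean), defang(clean)))
    return rows


if __name__ == "__main__":
    for clean, host, safe in triage_rows(SPACED_LINKS):
        print(f"{host:20s} {safe}")
```

Refang only when you are about to submit the link to a scanner or a sandbox; keep the defanged form in notes and comments so the link stays unclickable, as the paste does.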