
Thread: Freeware to test a specific web site php URL for malware?

  1. #41
    Ext User(...winston) Guest

    Re: Freeware to test a specific web site php URL for malware?

    jan wrote:
    > Is there a way to test a website for malware without going to it?
    >
    > Recently a family member had their mail account hijacked where an email
    > was sent to all their contacts, including me, and it contained a link to
    > the web site below:
    >
    > http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash
    > 876569 dot php
    >
    > Some of the family members actually clicked on the link, and found it to
    > be a green-coffee bean advertisement, and then they asked *me* if it
    > contained a virus. (The Mac & Windows users asked, not the Linux users.)
    >
    > I knew enough not to click on the site but now I need to know *how* to
    > tell if the site contains malware.
    >
    > Is there freeware I can hand this URL to that will check it out for
    > malware payloads?
    >

    That 'Green coffee bean' ad has been floating around for some time
    across a bevy of different isp email addresses.

    Not all originate from the sender's email address, some with forged
    headers, some from harvesting addresses from one of the faked sender's
    contacts (i.e. the sender may not be compromised but one of their
    contacts)...the list goes on.



    --
    ...winston
    msft mvp consumer apps

  2. #42
    Ext User(Mike Easter) Guest

    Re: Freeware to test a specific web site php URL for malware?

    jan wrote:
    Newsgroups: alt.comp.freeware,alt.os.linux,alt.windows7.general

    Do not crosspost to any groups you aren't subscribed to. I suspect that you
    might not be subscribed/reading alt.comp.freeware.

    --
    Mike Easter

  3. #43
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    jan <jan@is.invalid> wrote:
    > On Tue, 17 Sep 2013 16:49:44 +0000, ~BD~ wrote:
    >
    >> Detection ratio 3/39
    >> Can you not see that at my link?

    >
    > Hi Dave,
    > I did visit your link, and I ran the test myself, which
    > showed the following:
    >
    > a. BitDefender Malware site
    > b. Sophos Malicious site
    > c. Websense ThreatSeeker Malicious site
    > d. CLEAN MX Suspicious site
    >
    > But, I'm not sure what that means, to me, and I'm definitely
    > unclear what to tell my siblings who had clicked on the link.
    >
    > What does this mean, to a Mac/Windows/Linux user?


    I'm no expert, Jan, but I don't think Mac or Linux users need be too
    concerned if they had clicked on the link. I'd suggest that Windows users
    check their machines with an on-line scanner such as this one
    http://housecall.trendmicro.com/uk/index.html
    --
    Dave

  4. #44
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 22:23:46 +0000 (UTC)
    jan <jan@is.invalid> wrote:

    > On Tue, 17 Sep 2013 19:59:25 +0000, ~BD~ wrote:
    >
    > > I'm no expert, Jan, but I don't think Mac or Linux users need be too
    > > concerned if they had clicked on the link.

    >
    > Hi Dave,
    > I always understood why a Windows PC is very vulnerable
    > (mainly because there are no protections against root execution),
    > but, you can still load a user-run virus onto Mac & Linux, can't you?
    >
    > This has always eluded me as to why virus writers don't write
    > programs that drop into, say, your home directory, and which execute
    > as the user.
    >
    > They could still log keystrokes, websites, take files that the user
    > has permission for (which is most if not all their data files), etc.
    >
    > So, I just don't get how a Linux/Mac user would be protected all
    > that much more than a Windows user (other than root privileges).
    >
    > Can't a virus do damage executing as the current user?
    >
    > (Certainly I can do a "rm -r *" and that would be devastating to my
    > data.)


    They mostly only need root or admin tokens to obtain stealth and/or
    persistence.

  5. #45
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    jan <jan@is.invalid> wrote:
    > On Tue, 17 Sep 2013 19:59:25 +0000, ~BD~ wrote:
    >
    >> I'm no expert, Jan, but I don't think Mac or Linux users need be too
    >> concerned if they had clicked on the link.

    >
    > Hi Dave,
    > I always understood why a Windows PC is very vulnerable
    > (mainly because there are no protections against root execution),
    > but, you can still load a user-run virus onto Mac & Linux, can't you?
    >
    > This has always eluded me as to why virus writers don't write
    > programs that drop into, say, your home directory, and which execute
    > as the user.
    >
    > They could still log keystrokes, websites, take files that the user
    > has permission for (which is most if not all their data files), etc.
    >
    > So, I just don't get how a Linux/Mac user would be protected all
    > that much more than a Windows user (other than root privileges).
    >
    > Can't a virus do damage executing as the current user?
    >
    > (Certainly I can do a "rm -r *" and that would be devastating to my
    > data.)


    I regret that I don't have sufficient knowledge to advise you, Jan.
    I'm sorry!
    --
    Dave

  6. #46
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    FromTheRafters <erratic@nomail.afraid.org> wrote:
    > On Tue, 17 Sep 2013 21:22:57 +0000 (UTC)
    > ~BD~ <~BD~@nomail.afraid.com> wrote:
    >
    >> FromTheRafters <erratic@nomail.afraid.org> wrote:
    >>> On Tue, 17 Sep 2013 18:50:08 +0000 (UTC)
    >>> jan <jan@is.invalid> wrote:
    >>>
    >>>> On Tue, 17 Sep 2013 17:44:44 +0000, FromTheRafters wrote:
    >>>>
    >>>>> zulu.zscaler or wepawet would be a better choice
    >>>>
    >>>> Trying just http://zulu.zscaler first ...
    >>>>
    >>>> Given this original suspected URL:
    >>>> aochi dot hideo dot perso dot neuf dot fr slash 876569.php
    >>>> I pasted that into http://zulu.zscaler.com where the first
    >>>> problem I had was nothing worked, so I had to again turn off
    >>>> all my script blockers.
    >>>>
    >>>> Then, I tried to answer the zulu.zscaler "user agent" question.
    >>>> However, I have FirefoxESR 17.0.8 (RHEL6) which isn't one of the
    >>>> options, so I picked Firefox 8, which was the closest available.
    >>>>
    >>>> I didn't know what to put for the "Referrer" so I left it blank.
    >>>>
    >>>> The results for the primary URL came up as "5/100 (Benign)".
    >>>> a. This URL has been analyzed by Zulu in the past
    >>>> b. Analyzed on: 09/17/2013 at 18:33 GMT
    >>>> c. Redirections: greencoffee dash fat dash loss dot com/?20/12 (302 Moved Temporarily)
    >>>> d. IP Address: 86.65.123.70, Country: France
    >>>> e. Netblock size has size 511
    >>>>
    >>>> Well, at least *that* site figured out there was a redirect involved,
    >>>> so, this is better than virustotal (which didn't figure that out).
    >>>>
    >>>> Then I repeated this with the secondary URL (the coffee page):
    >>>> greencoffee dash fat dash loss dot com ?20/12
    >>>> That was red flagged as 100/100 Malicious
    >>>> IP Address: 46.249.59.209 located in the Netherlands
    >>>> a. Blacklisted in multiple real-time domain blocklists
    >>>> b. Blacklisted in multiple real-time domain blocklists
    >>>> c. Netblock size has size 255
    >>>> d. IP address has been identified as risky by one/more sources
    >>>>
    >>>> So far, here's my observations:
    >>>> A. VirusTotal = not the best choice because it doesn't know about the redirect
    >>>> B. Zulu.Zscaler = a better choice because it at least tells you about the redirect
    >>>> C. I will try wepawet next
    >>>
    >>> VT should not have been suggested in the first place since it isn't
    >>> what the OP asked for but is instead a file submission scanner.

    >>
    >> You are mistaken, FTR - VT fulfils BOTH functions!

    >
    > I see that now, thanks.


    YW :-)
    --
    Dave

  7. #47
    Ext User(Jasen Betts) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On 2013-09-17, FromTheRafters <erratic@nomail.afraid.org> wrote:
    > On Tue, 17 Sep 2013 22:23:46 +0000 (UTC)
    > jan <jan@is.invalid> wrote:
    >
    >> On Tue, 17 Sep 2013 19:59:25 +0000, ~BD~ wrote:
    >>
    >> > I'm no expert, Jan, but I don't think Mac or Linux users need be too
    >> > concerned if they had clicked on the link.

    >>
    >> Hi Dave,
    >> I always understood why a Windows PC is very vulnerable
    >> (mainly because there are no protections against root execution),
    >> but, you can still load a user-run virus onto Mac & Linux, can't you?
    >>
    >> This has always eluded me as to why virus writers don't write
    >> programs that drop into, say, your home directory, and which execute
    >> as the user.
    >>
    >> They could still log keystrokes, websites, take files that the user
    >> has permission for (which is most if not all their data files), etc.
    >>
    >> So, I just don't get how a Linux/Mac user would be protected all
    >> that much more than a Windows user (other than root privileges).
    >>
    >> Can't a virus do damage executing as the current user?
    >>
    >> (Certainly I can do a "rm -r *" and that would be devastating to my
    >> data.)

    >
    > They mostly only need root or admin tokens to obtain stealth and/or
    > persistence.


    They don't need admin for persistence (eg: using @reboot in crontab)




    --
    ⚂⚃ 100% natural

    --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
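Added example, not part of any post in this thread: a shell check for the unprivileged persistence mentioned above, which reads a user's crontab text and flags `@reboot` entries and commands run from temporary or hidden directories. The function names, the path heuristics and the sample crontab are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads crontab text on stdin and prints
# "REASON<TAB>entry" for entries worth reviewing. Real use: crontab -l | audit_crontab
# The "odd-path" heuristics are assumptions, not a complete rule set.
audit_crontab() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value settings
        {
            line = $0; sub(/^[ \t]+/, "", line)
            why = ""
            # runs at every boot without needing root
            if (line ~ /^@reboot[ \t]/) why = "reboot"
            # command or argument under /tmp, /var/tmp, /dev/shm or a dot-directory
            if (index(line, "/tmp/") || index(line, "/dev/shm/") || line ~ /\/\.[A-Za-z0-9_]/)
                why = (why == "" ? "" : why ",") "odd-path"
            if (why != "") printf "%s\t%s\n", why, line
        }
    '
}

# Constructed sample crontab (hypothetical user and paths).
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/bin/rsync -a /home/user/docs /mnt/backup
@reboot /home/user/.cache/upd/agent >/dev/null 2>&1
*/10 * * * * /tmp/x/run.sh
@reboot /usr/local/bin/start-sync
EOF
}

sample_crontab | audit_crontab
```

A flagged line is a prompt to look at the referenced file, not a verdict; legitimate software also uses `@reboot`.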

  8. #48
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On 19 Sep 2013 07:56:56 GMT
    Jasen Betts <jasen@xnet.co.nz> wrote:

    > On 2013-09-17, FromTheRafters <erratic@nomail.afraid.org> wrote:
    > > On Tue, 17 Sep 2013 22:23:46 +0000 (UTC)
    > > jan <jan@is.invalid> wrote:
    > >
    > >> On Tue, 17 Sep 2013 19:59:25 +0000, ~BD~ wrote:
    > >>
    > >> > I'm no expert, Jan, but I don't think Mac or Linux users need be too
    > >> > concerned if they had clicked on the link.
    > >>
    > >> Hi Dave,
    > >> I always understood why a Windows PC is very vulnerable
    > >> (mainly because there are no protections against root execution),
    > >> but, you can still load a user-run virus onto Mac & Linux, can't you?
    > >>
    > >> This has always eluded me as to why virus writers don't write
    > >> programs that drop into, say, your home directory, and which execute
    > >> as the user.
    > >>
    > >> They could still log keystrokes, websites, take files that the user
    > >> has permission for (which is most if not all their data files), etc.
    > >>
    > >> So, I just don't get how a Linux/Mac user would be protected all
    > >> that much more than a Windows user (other than root privileges).
    > >>
    > >> Can't a virus do damage executing as the current user?
    > >>
    > >> (Certainly I can do a "rm -r *" and that would be devastating to my
    > >> data.)

    > >
    > > They mostly only need root or admin tokens to obtain stealth and/or
    > > persistence.

    >
    > They don't need admin for persistence (eg: using @reboot in crontab)


    Also they don't need admin if they get restarted by infecting a program
    with code to restart the rest of the program, or if they are viral in
    nature.

  9. #49
    Ext User(G. Morgan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    FromTheRafters wrote:

    >Does VT follow links? What did they think of
    >hxxp://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js



    C:\Users\Graham>wget
    http://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js
    --2013-09-20 17:07:03--
    http://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js
    Resolving aochi.hideo.perso.neuf.fr... 86.65.123.70
    Connecting to aochi.hideo.perso.neuf.fr|86.65.123.70|:80... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2013-09-20 17:07:05 ERROR 404: Not Found.

    --

    They who can give up essential liberty to obtain a little temporary safety,
    deserve neither liberty nor safety. - Ben Franklin

  10. #50
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Fri, 20 Sep 2013 17:08:26 -0500
    G. Morgan <graham@grahammorgan.name> wrote:

    > FromTheRafters wrote:
    >
    > >Does VT follow links? What did they think of
    > >hxxp://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js

    >
    >
    > C:\Users\Graham>wget
    > http://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js
    > --2013-09-20 17:07:03--
    > http://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js
    > Resolving aochi.hideo.perso.neuf.fr... 86.65.123.70
    > Connecting to aochi.hideo.perso.neuf.fr|86.65.123.70|:80... connected.
    > HTTP request sent, awaiting response... 404 Not Found
    > 2013-09-20 17:07:05 ERROR 404: Not Found.


    Limited time offer I guess.

    It had some mildly obfuscated JS and other links to follow with
    "random" data appended to the passed values. I didn't have the time, nor
    the programs I need to follow it further.

    I'm pretty sure it was just an advertisement scam. It looks like Google
    added their website reputation thing to VT, so I was just wondering
    what they/it thought of the JS page.
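Added example, not part of any post in this thread: the 302 hop and the 404 discussed above can be read from response headers without rendering the page. This shell function summarises a saved header dump hop by hop, marks redirects that leave the requested host, and prints targets defanged in the `hxxp` style used above. It assumes the dump has the shape written by `curl -sIL` (status line, headers, blank line per hop); the hosts and the sample dump are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a saved header dump on stdin and
# prints one line per hop: STATUS<TAB>same-host|cross-host|-<TAB>defanged Location.
# $1 is the URL that was originally requested; nothing is contacted here.
redirect_chain() {
    tr -d '\r' | awk -v start="$1" '
        # host part of an absolute URL, lower-cased, port and query stripped
        function host(u,   p) { split(u, p, "/"); sub(/[?#:].*/, "", p[3]); return tolower(p[3]) }
        # make a URL non-clickable for reports and e-mail
        function defang(u) { sub(/^http/, "hxxp", u); gsub(/\./, "[.]", u); return u }
        function emit(   note) {
            if (status == "") return
            note = "-"
            if (loc ~ /^https?:/) {
                note = (host(loc) == cur ? "same-host" : "cross-host")
                cur = host(loc)
            } else if (loc != "") note = "same-host"   # relative redirect
            printf "%s\t%s\t%s\n", status, note, (loc == "" ? "-" : defang(loc))
        }
        BEGIN { cur = host(start) }
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { emit(); status = $2; loc = ""; next }
        tolower($1) == "location:" { loc = $2; next }
        END { emit() }
    '
}

# Constructed header dump: one redirect to another host, then the final page.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 302 Moved Temporarily
Location: http://landing.example.net/?20/12
Content-Type: text/html

HTTP/1.1 200 OK
Content-Type: text/html
EOF
}

sample_headers | redirect_chain "http://short.example.org/876569.php"
```

Each host in the chain can then be submitted to a URL reputation service separately, since a scan of the first URL alone may not cover the redirect target.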
