giveawayoftheday.com infected?

Discussion in 'other security issues & news' started by acr1965, Oct 25, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I had an alert on my avast when trying to visit giveawayoftheday.com. I ran the url through novirusthanks and virustotal but both said clean.
     

  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I've seen another thread about this somewhere.
     
  3. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    FWIW- my web shield heuristics sensitivity level is set to normal.
     
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    Avast blocked it on mine as well; my web shield is set to high.
     
  6. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    No problem/warning here with KIS, Prevx SafeOnline, WOT, or Google blacklist.
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    MBAM blocks an outgoing to a possible malicious website but no further problems with gaotd.

    Gerard
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Nothing here. I'm running NOD 32, and Prevx with safeonline.
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'm getting the same infection warning from avast...
    link removed as it was triggering avast
    I tend to believe and trust avast.
    I also get the MBAM warnings about giveawayoftheday.com.
    Perhaps this trojan is similar to the one that avast detected and is discussed here. In that thread it was suggested by Vlk that it could be a geoIP detection, meaning (I think) not everyone sees it, depending on their location.
     

    Last edited by a moderator: Oct 26, 2010
  10. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    My Avast is stopping access to the site also!
     
  11. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Someone needs to edit page 2 over there. There has got to be some "exploitable code" over there, because AVG LinkScanner is going crazy and it won't allow me to completely read that page.

    Perhaps, replace the real text with some image or just edit the text itself to see if it won't trigger LinkScanner.
     

  13. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Clean according to DynDNS block rules, Dr Web link checker, and PrevX SOL.
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I no longer get any detection on the GAOTD site with avast.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This really should be looked at. Whoever wrote the part containing the exploiting code should edit it, so that AVG LinkScanner stops giving the red alert, and not let users read the respective page (page 2) in its whole. :)

    It's boring. :(
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Why don't you just hit the Report Bad Post button and tell them yourself?
     

  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's the problem. I get page two blocked, except for the top part, and can't report it. If I could, I would do it.

    I decided to mention it in here, considering there was a moderator posting here. I might as well create some thread somewhere (We'll see the appropriate sub-forum) reporting it.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Well, tell me what post it is and I'll report it, m00nbl00d. :cool:

    Edit in: If it's page 2, it's probably this post. Can you open that link?
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I could open it just fine. Not that. That's just an image. I'd to see something that could be using the form
    Code:
    random stuff
    . Can you see posts over there with this sort of form? Except for the link you already gave, because it sure isn't that either. :)

    Anyway, I've also created a thread in sub-forum to relate problems related to the forum. I never spotted it before.

    -Edit-

    I did what I could have done quite moments ago, but it never crossed my mind! I disabled LinkScanner. LOL It is post 39.
    Simple things never occur to us when we need them! hah

    Anyway, thanks for your patience!
     
    Last edited: Oct 26, 2010
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Hey, that crossed my mind too... but it must have kept right on going because I never mentioned it. That thread was a great example of the learning and investigation and cooperation that sometimes goes on here at Wilders and makes it such a good forum. ;)
     