web marketing association website warning?

Discussion in 'NOD32 version 2 Forum' started by iHz, Dec 24, 2006.

Thread Status:
Not open for further replies.
  1. iHz

    iHz Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    54
    Hi, I was just having a look at the Web Marketing Association web awards website (no idea why really), and when I click a link to one of the external sites, NOD32 gives me a warning about a downloader and requires me to terminate.
    Just wanted to know if it happens with anyone else, and is this normal? The site seems big enough not to have this sort of thing happening.

    hXXp://www.webaward.org/winners_result.asp
     
    Last edited by a moderator: Dec 24, 2006
  2. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    hi!

    strange behavior indeed (url) :cautious:

    btw - merry xmas! :D

    strange2.png
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    On VirusTotal there are 8 other vendors which also detect it (most of them call it IFrameBof).
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Checked it myself and LinkScanner Pro caught it before NOD did. LinkScanner Pro calls it IE VML overflow; it looks like a definite exploit attempt.
     
  5. iHz

    iHz Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    54
    Whoops, sorry for putting the link.
    Yeah, can't be too careful these days, definitely doesn't look like a website with an exploit, oh well.
    Thank goodness for NOD32, saved me many times.
    :D
     
    Last edited: Dec 25, 2006
  6. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Looks like my NoD32 has had too much xmas cheer.

    NoD didn't say boo when I dropped by??
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    A screen cap from your IMON setup would be helpful, as well as the version number from NOD32 installed ;)
     
  8. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Hello Paul W.

    Unfortunately the disappointment of still not seeing a "virus warning pop-up" led me to uninstall NoD32. So the IMON's not there.

    The version is 2.7 on trial. I am much impressed with the enthusiasm that NoD lovers have for the product. I so much want to be an avid follower too. I'm under pressure to buy Kaspersky by my peers. But I got a hunch NoD will look after me.

    Perhaps you could direct me to an infected site or a virus I can download so I can experience a Pop-up screen. I really don't want to be stuck with Kaspersky's 'screaming monkey' alert.
     
  9. ASpace

    ASpace Guest

    Tisatashar, the fact you haven't seen an alert from NOD32 doesn't mean the product is not working. You could have used Silent Mode or it could be even more simple -> NO infections

    I think we live in free countries and nobody can make you buy something you don't want, pal, no matter what it is

    Not a real virus, but the pop-up will be there: www.eset.com/eicar.com, if you have set up NOD32 to do so (see the attachment)


    http://pandaman.my.contact.bg/eicar-imon.PNG
     

  10. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    O.K. :thumb:

    It worked. Thanks for your help.
     
  11. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    hi!

    just an addition:

    every link in the "web awards winner's list" points to hXXp://xinch13.h17.ru/uniq.php and then you get redirected to hXXp://xark11.at.tut.by/exploit.html (and that's a real EXPLOIT!!! looks like it uses a buffer overflow to inject some shellcode...)

    it seems that they got hacked... :cautious:
     
  12. ASpace

    ASpace Guest


    No problem. You are welcome :)
     