blackhole exploit kit found by AVG


This topic contains 8 replies, has 0 voices, and was last updated by  zhenyusun 6 years, 8 months ago.

  • #30948

    zhenyusun
    Participant

    Hi guys,

    I’m running Loaded Commerce 6.5 B2B. Currently I have at least 3 customers who have AVG anti-virus installed on their computers and have reported to us that malware was found on our site, and access was then denied. The malware that was found is called “Blackhole exploit kit”, and I have searched on Google; it seems to be a popular malware for webshops.

    Does anyone have any ideas on how to have it removed?

    Many thanks.

  • #129880

    Jim McGettigan
    Moderator

    Here are some tools to check and see for sure whether the virus is actually there or not. I hope this helps you confirm whether or not you have malware.

    http://www.avg.com/ww-en/page-rating-report

    http://sitecheck.sucuri.net

    Good luck on finding out, of course we hope the findings are false.

  • #129881

    zhenyusun
    Participant

    Hi Jim,

    Thanks for your reply. The second link you sent me couldn’t find any malware / virus on our site; it seems only AVG can detect it. I have reported the issue to AVG, and hopefully they’ll get back to me soon. Thanks for the links.

    Regards

  • #129882

    soundzgood2
    Participant

    It’s not a virus – you have to visit a dodgy jscript webpage or click a spammy link to reach the malicious code, so it’s ‘user interface error’ that’d drop you in it.

    I reckon AVG would be completely ineffective with this sort of issue – av signatures, especially in a free version which is probably what this thread is referring to with AVG – are always way behind.

    Best practice is to avoid receiving (let alone opening) spammy emails, use anti-phishing where possible and get a real, paid-for suite of security on your comp. No different strategy than for the other 1000s of malware variants roaming around the net.

    Simon

  • #129884

    zhenyusun
    Participant

    Hi Simon,

    Thanks for your reply. I’m not so sure about how to remove the error on the side of the end-users that have AVG installed. I have tried to install AVG on my own computer, and got the same error as our customers reported.

    How do I solve the problem? And what do you mean by “best practice is to not receive any spam emails”? We don’t receive / send any spam emails anyway. I’m not quite sure if I understood your suggestion on the solution. Can you please explain it in a little more detail?

    Many thanks.

  • #129885

    soundzgood2
    Participant
  • #129883

    zhenyusun
    Participant

    Hi Simon,

    I have looked at the link you mentioned, but I don’t think I have similar code on our website to what they have stated in the forum. I hope it’s AVG that has made a mistake on this “malware warning”, so I don’t have to fix anything. It’s weird that only AVG can detect it.

  • #129886

    soundzgood2
    Participant

    If you’re not sure whether your site is hosting malware such as this or not, do some scans using Kaspersky online etc. and talk to your hosting company.

    My point – AVG is (usually) a free detector that’s renowned for false positive readings anyway. If no other malware detector is picking up on this, then that kinda suggests it’s outta whack. My experience with av / security products is that you generally get what you pay for.

    There are heaps of reports (mostly avg) that this is malware ‘on the rise.’
    Woohoo – join the queue of the hundreds of other malware exploits that are out there.

    Here’s a mozilla rundown, comments:

    http://support.mozilla.org/en-US/questions/928326

    Needless to say this has little to do with CRE Loaded specifically (actually it seems to be WordPress and Joomla more, but then there’d be a lot more users of those CMSs than CRE Loaded) and more to do with the security practices of comp owners, the av / security used by them and 3rd party plugins, esp. javascript, which is apparently what gets altered by the malware.

    Simon

  • #129887

    David Graham

    What does Google say?

    Try http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com/ and see what it says.

    The majority of the time, when someone gets a virus from a CRE Loaded site the file is NOT stored there, and you are wasting your time scanning the site itself for the file. This leads to erroneous reports of ‘false positives’ from folks who don’t understand how the files are served.

    Generally, the malicious files on the site just connect the user to another site, from which the actual virus / trojan is actually served.

    Site check services may or may not catch this, and whether or not they do often depends on whether the victim(s) had some sort of software to allow them to report to the ‘check’ site – which is often more a ‘reporting’ site than an actual scanner.

    Check the images folder for php files. Check the manufacturers table and language table for bogus entries pointing to php files in the images folder.

    Contact us. We do cleanup services.

    David
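    The two checks David suggests (PHP files sitting in the images folder, and manufacturers or languages rows that point at such files) can be scripted so they are repeatable after every cleanup. The script below is an added example written for this thread, not code from David or from CRE Loaded; it assumes the shop lives in a catalog directory with an images/ subfolder and that the two tables have been dumped to a plain SQL file (for instance with mysqldump), and it builds a small constructed catalog tree and dump so it can be run offline.

```shell
#!/bin/sh
# Defender-side checks for a CRE Loaded / Loaded Commerce catalog.
# Check 1: image folders should hold images only; any .php/.phtml there is suspect.
# Check 2: manufacturers/languages rows should not reference PHP files under images/.

# find_php_in_images CATALOG_DIR
# Prints every PHP-like file found under CATALOG_DIR/images, one per line.
find_php_in_images() {
    find "$1/images" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \)
}

# find_bogus_rows DUMP_FILE
# Prints (with line numbers) dump rows that reference a PHP file under images/.
# Exit status is 1 when nothing matches, which is the "clean" outcome.
find_bogus_rows() {
    grep -n -i -E "images/[^'\"]*\.php[0-9]?" "$1"
}

# scan_catalog CATALOG_DIR DUMP_FILE
# Runs both checks, prints findings, returns 1 if anything was found, 0 if clean.
scan_catalog() {
    dirty=0
    hits=$(find_php_in_images "$1")
    if [ -n "$hits" ]; then
        echo "PHP files under images/:"; echo "$hits"; dirty=1
    fi
    rows=$(find_bogus_rows "$2") && { echo "Table rows referencing PHP under images/:"; echo "$rows"; dirty=1; }
    return $dirty
}

# setup_sample
# Constructed sample data for a dry run: a throwaway catalog tree with one
# planted PHP file among the images, and a dump with one bogus manufacturers row.
# Prints the path of the temporary directory.
setup_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/images/banners" "$d/includes"
    printf 'GIF89a' > "$d/images/logo.gif"
    printf '<?php echo 1; ?>' > "$d/images/banners/thumb.php"      # constructed: PHP where only images belong
    printf '<?php // legitimate application file\n' > "$d/includes/application_top.php"
    cat > "$d/tables.sql" <<'EOF'
INSERT INTO manufacturers VALUES (1,'Acme','images/acme.png');
INSERT INTO manufacturers VALUES (2,'Bogus','images/banners/thumb.php');
INSERT INTO languages VALUES (1,'English','en','images/icon.gif',1);
EOF
    echo "$d"
}

# Usage on a real host (paths are assumptions, not from the thread):
#   mysqldump -u USER -p SHOPDB manufacturers languages > /tmp/tables.sql
#   scan_catalog /var/www/catalog /tmp/tables.sql
```

Run on the constructed sample, scan_catalog reports the planted thumb.php and the one manufacturers row that references it, and exits non-zero; on a clean catalog it prints nothing and exits zero, so it can be dropped into a cron job that mails you only when something turns up. Note that a find over images/ only catches files that are still there, and a dump-based grep only catches references that survived the dump's quoting; run both after each cleanup pass rather than relying on either alone.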

  • #129888

    zhenyusun
    Participant

    Hi David,

    Thanks for your reply. I checked with the Google link you provided, and nothing was found. It’s just AVG that keeps saying our site http://www.rosemunde.dk is infected. I asked AVG to provide the list of reported pages of our site in their database, and I did find some code that someone had added into the php files. I removed all the suspected code from all the php files, but the problem is not solved; it seems that they don’t have a standard code for the infection, and I have no idea how to find all of them.

    What is your website, David? Since you said you do the site cleanup service, I might want to try it 🙂

    Regards

