
Virus Question

Old 24th Sep 2012, 19:32
  #1 (permalink)  
Thread Starter
 
Join Date: Mar 2002
Location: Florida
Posts: 4,569
Virus Question

I got an Email from a trusted friend with a link to an article

the usual http stuff followed by

business7newsco.net/work/?article=22599

When the E-mail opened AVAST alarms went off in red.

I tried pasting the link in bits into giggle search and no such website was found. So I am thinking the link name http: etc.etc. is a direct executable somewhere.

If so where does it reside (server or my HD) and how do I find out what kind of file it is?
lomapaseo is offline  
Old 24th Sep 2012, 20:50
  #2 (permalink)  
 
Join Date: Jan 2012
Location: .
Posts: 2,173
just tried the link for you
it appears to point directly to a file on that site, and the file is infective
If your AV software worked, you should be OK

It's important to understand though that things have progressed to a point where it's possible to embed malware into the link itself, not in the actual target URL
you can actually make the shortcut infective........ I don't think that's the case here as I cut and pasted your text, and got the alarm warnings, so the problem is probably on the website business7newsco.net/

The site is actually Russian-owned and is almost certainly a deliberate scam site. Details of ownership are at
Business7NewsCo.net - Business 7 News Co (that's a safe link)

The registrant has around another 4000 sites and is

Registrant:
Olga Golubeva
ul. Pushkina 98 56
Barnaul, 656000
RUSSIAN FEDERATION
+7.4955467812



edit - PS he may be a trusted friend, but you can't trust his e-mail
His account has either been hijacked or scammed in some way

Last edited by Milo Minderbinder; 24th Sep 2012 at 20:55.
Milo Minderbinder is offline  
Old 24th Sep 2012, 22:03
  #3 (permalink)  
Thread Starter
 
Join Date: Mar 2002
Location: Florida
Posts: 4,569
Many thanks

I wonder why Giggle failed to alert me to this same information.

I don't like clicking on links to find a pot of infections at the end.
lomapaseo is offline  
Old 24th Sep 2012, 23:50
  #4 (permalink)  
 
Join Date: Jan 2012
Location: .
Posts: 2,173
what could it tell you?
firstly there's nothing on that site to index other than viruses
secondly it was only registered on 24th September 2012
No time for it to be indexed

Don't use Google as a virus alerting service. It's not what it's for. They'll blacklist sites if they can - but they do that by simply blocking them, not indexing them!

next time you want to try something like that, try to plug the URL into VirusTotal
https://www.virustotal.com/
However in this case even that was a waste of time - the scan both on the link, and the domain times out and comes up blank.
Just proves how careful you need to be

Last edited by Milo Minderbinder; 24th Sep 2012 at 23:54.
Milo Minderbinder is offline  
Old 25th Sep 2012, 00:12
  #5 (permalink)  
 
Join Date: Jan 2012
Location: .
Posts: 2,173
here's the interesting thing
Virustotal - shows the site as clean (24 scan engines show as clean, 5 haven't checked it yet)
Sucuri - shows site as clean
urlvoid - three engines show site as contaminated, 26 show it as clean!!!!!

Of those three engines which show as contaminated, two are DBL blocklists, the other a "World of Trust" rating, all actioned yesterday but with no explanation

I think it's another example of Avast being ahead of the game again
Yet I've just got Comodo to rescan the site, and again it's blank
Whatever is on there is well hidden

Last edited by Milo Minderbinder; 25th Sep 2012 at 00:30.
Milo Minderbinder is offline  
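
The reasoning in the two posts above (a domain registered the same day has no scan history, so "clean" results say little) can be written as a small triage check. This is an added example, not code from any poster; the 30-day threshold, the function names and the three outcome labels are assumptions, and the sample values are the ones quoted in the thread.

```python
from datetime import date
from urllib.parse import urlsplit

NEW_DOMAIN_DAYS = 30  # assumed threshold: younger domains have little scan history

def host_of(link):
    """Return the lowercased host of a link, tolerating a missing scheme."""
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").lower()

def triage(link, registered, received, verdicts):
    """Combine domain age with scanner results.

    verdicts maps a service name to (flagged, clean, no_result) engine counts.
    """
    age_days = (received - registered).days
    flagged = sum(v[0] for v in verdicts.values())
    clean = sum(v[1] for v in verdicts.values())
    no_result = sum(v[2] for v in verdicts.values())
    reasons = []
    if age_days < NEW_DOMAIN_DAYS:
        reasons.append(f"domain is {age_days} day(s) old")
    if flagged:
        reasons.append(f"{flagged} engine(s) flag it")
    if no_result:
        reasons.append(f"{no_result} engine(s) returned no result")
    # A clean result only counts as reassurance once the domain has existed
    # long enough for scanners and blocklists to have seen it.
    if flagged or age_days < NEW_DOMAIN_DAYS:
        level = "block"
    elif no_result or not clean:
        level = "unknown"
    else:
        level = "no known issue"
    return {"host": host_of(link), "age_days": age_days,
            "level": level, "reasons": reasons}

# Values from the thread: the link, the registration date given in post #4 and
# the engine counts reported in post #5. The received date is the date of the
# first post; Sucuri's single "clean" verdict is counted as one engine.
SAMPLE = triage(
    "business7newsco.net/work/?article=22599",
    registered=date(2012, 9, 24),
    received=date(2012, 9, 24),
    verdicts={"VirusTotal": (0, 24, 5), "Sucuri": (0, 1, 0), "urlvoid": (3, 26, 0)},
)

if __name__ == "__main__":
    print(SAMPLE)
```
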
Old 25th Sep 2012, 02:23
  #6 (permalink)  
Thread Starter
 
Join Date: Mar 2002
Location: Florida
Posts: 4,569
"secondly it was only registered on 24th September 2012
No time for it to be indexed"
Bingo

I had considered that but felt it was low probability that it was so new that even the master site didn't know it. I figured that it probably came from a site known for trouble.

I suspect that others on the distribution list that got similar E-mail links must have succumbed by now.
lomapaseo is offline  
