
Malicious Site Found... What do I do?


10 replies to this topic

#1 AlexSmithFanning


Posted 17 October 2014 - 12:50 AM

I was recently trying to find out how to change the Minecraft skin from Alex to Steve, but that's not the point. I found a site that has a malicious download, the site itself isn't malicious, just the download. I don't know what to do, I scanned it with ClamTk (uses the ClamAV engine) and it said it was adware (specifically Win.Adware.InstallCore-581), and then scanned it with VirusTotal and got 25/52 detection. Do I report it to you guys? The site and the file? Who do I report it to if not you? Do you guys want me to give you the site? (The reason I didn't do it here was because of your policy).

 

Posted it here because I was not sure where to put the post.


I prefer Linux. Windows 10 is just too invasive for me.




#2 Without_A_Monitor


Posted 17 October 2014 - 02:02 AM

So, you downloaded whatever file, then you determined it was malicious, correct or incorrect?

#3 AlexSmithFanning


Posted 17 October 2014 - 02:12 AM

Correct, while executing will do no harm (I will use WINE on my second operating system, Ubuntu) I want to know first if it needs to be uploaded.




#4 Without_A_Monitor


Posted 17 October 2014 - 02:23 AM

May I ask how you are determining that executing will do no harm? Although I am just a trainee, my humble opinion would be to start a new thread in the "Am I Infected..." section or ask to have this one transferred there. I also suggest that you do not upload the file into this thread. Besides using VirusTotal and ClamTk, have you tried running any tools like AdwCleaner, Junkware Removal Tool, or anything else? Again, my knowledge is limited, but I will offer my help and reach out to other bleeping members, who can assist you much better than I can.

#5 AlexSmithFanning


Posted 17 October 2014 - 02:37 AM

I am not infected. I just want to prevent others from being infected.




#6 Without_A_Monitor


Posted 17 October 2014 - 02:44 AM

If you are sure that you're not infected, you could just leave this thread here in this section. Others will see and most likely post in here as well.

#7 AlexSmithFanning


Posted 17 October 2014 - 03:00 AM

Okay, thank you. And I know I am not infected because when downloading the file I was using my second operating system--Ubuntu. And the file is a Windows Executable.

 

Here is the link for the VirusTotal report of the downloaded file:

 

https://www.virustotal.com/en/file/82321e60753b2ca105a0da0977fceb093b4c279b3cd576ec1355d8c12600c21b/analysis/1413524241/

 

Here is the link for the VirusTotal report of the site itself:

 

https://www.virustotal.com/en/url/c6e19689facdefe48fe741cdd1f7783394566f3eb391db8a8ed7579b0ebc9387/analysis/1413532970/


Edited by AlexSmithFanning, 17 October 2014 - 03:05 AM.



#8 Without_A_Monitor


Posted 17 October 2014 - 03:22 AM

I am too unfamiliar with Ubuntu to make an informed judgment on this situation; however, I was expressing concern about you possibly being infected because of the chance of invisible downloads and/or something else downloading with that file.

The finding in those links seems to suggest that both the file is malicious and the site is compromised with malicious files.

Edited by Without_A_Monitor, 17 October 2014 - 03:23 AM.


#9 AlexSmithFanning


Posted 17 October 2014 - 03:58 AM

I have checked with SliTaz live and checked my downloads folder, scanned the whole disk, and then deleted my downloads folder itself. I should be safe now.

 

Thank you for your never-ending feedback, as it is always helpful!




#10 quietman7


Posted 17 October 2014 - 04:49 AM

Report malicious site/software to Google
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 Didier Stevens


Posted 19 October 2014 - 05:11 AM


Can you post the link to the VirusTotal report?

 

Have you checked if they have a contact section on their website, so that you know at least who to contact?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
