[Owasp-ireland] Xenotix XSS Exploitation Framework flagged as malware

Eoin Hinchy eoinhinchy at gmail.com
Mon Sep 10 16:15:12 UTC 2012


Hey Dave, thanks for the reply.

Yeah, that was my initial thought, too. However, I think it's odd that the
AV vendors have only been flagging the file as malicious in the last 8
hours or so; this seems to coincide with a new version of the file being
added to the download section of the page. Perhaps something's changed in
this version (unencrypted payloads?)

Anyways, I only bring it up as I'd be wary that owasp.org will start being
added to malicious domain blacklists. It looks like GSB has already
detected the "trojan"; our maldomain crawler has also suggested blocking
owasp.org on our corpnet - not ideal!

Thanks again,
Eoin



On 10 September 2012 16:11, David Rook <david.rook at realexpayments.com> wrote:

> My guess would be the payloads such as the key logger are triggering AV
> signatures.
>
> I've had similar happen to me before where a presentation I gave was
> setting off AV alerts because I had included malicious JavaScript in one of
> the slides.
>
>
> On 10/09/2012 16:05, Eoin Hinchy wrote:
>
> Hi folks,
>
> Just wondering if anyone knows why the Xenotix XSS Exploitation
> Framework looks so horrible in VirusTotal:
>
> https://www.virustotal.com/file/e546b20d1d3716a6e438a76c7de923361cb875e5316e12db24c48c230378d11c/analysis/
>
> Thanks a bunch,
> Eoin
>
>
> _______________________________________________
> Owasp-ireland mailing list
> Owasp-ireland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-ireland
>
>
> --
> David Rook
> Application Security Lead
> Product Management
> Realex Payments