[Owasp-Malaysia] Malware Detected!

Abdulla Al-Attas alattas.abdulla at gmail.com
Tue Feb 8 03:11:11 EST 2011


Salam and Hi to all

why don't we try some manual checking :-)

since you are saying the code that you are using is valid and there is
nothing wrong with it.. I guess when Google is trying to index the content of
your page their filtering mechanism thinks your code is some kinda malicious
iframe that directs to another link or downloads some virus from an outside link

so lets try this
1- flush your dns
2- flush your cookies
3- flush your temporary internet files
"we want to start clean"

4- activate any programs like tcpdump or Fiddler or any of those TCP/IP
packet analyzer programs
5- access your site
6- watch the exchange of information between your server and the monitoring
machine

you might be able to see something either good news or bad news

the reason I'm asking you to do this is because.. we want to find out
whether a malware is downloaded directly from your server to another machine
or there is some kinda hidden frame behind your page that tries to download some
content "malware" using your site.. "because GOOGLE is assuming so"

if we can have a proper proof from our own analysis that there is nothing wrong
with the code then we might be able to send a request to Google to unblock
it using the analysis that we did..

that's just my idea.. it might work but it will be interesting learning and
whether Google will accept this analysis

worst case scenario you may need to change some of your code or actually there
is a malware.

let us know about the results so we can also learn from your experience

regards,
Abdulla Al-Attas

On Tue, Feb 8, 2011 at 4:00 PM, Mohd Syamsuri <msyamsuri at gmail.com> wrote:

> I have checked it.
>
> On Tue, Feb 8, 2011 at 3:49 PM, Rasta Boy <rastaboyz at gmail.com> wrote:
>
>> Hi Mohd Syamsuri,
>>
>> Why don't you check on the reason why it's being blocked, it might help.
>>
>>
>> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.pkink.gov.my/
>>
>>
>> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=AS:4788
>>
>> Regards,
>> Kishur
>>
>>
>>
>> On Tue, Feb 8, 2011 at 3:19 PM, Mohd Syamsuri <msyamsuri at gmail.com> wrote:
>>
>>> Assalamualaikum and good day to my fellow friends.
>>>
>>> I need some advice.
>>>
>>> The web site of Perbadanan Kemajuan Iktisad Negeri Kelantan (
>>> http://www.pkink.gov.my) has been blocked by Google for almost 4 days.
>>> It said that we host malware on our server Malware Detected! ( Google
>>> said that!!)
>>>
>>> What I did is..
>>> 1. Scan all the data and upload a new data
>>> 2. Check the index.html or index.php
>>> 3. Scan using web scanner using
>>> http://www.avgthreatlabs.com/
>>> http://www.virustotal.com
>>>
>>> but still get blocked..
>>>
>>> Google said Suspected injected code
>>> <FRAME SRC="http://www2.pkink.gov.my/indexsedc.php" NAME="confcontent"
>>> scrolling=yes >
>>>
>>> I have been using this code for almost 2 years
>>>
>>> What should I do now?
>>>
>>>
>>> --
>>> best regard
>>> syamsuri
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>>
>
>
>
> --
> best regard
> syamsuri
>
>
>
>
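The manual check suggested in steps 4 to 6 of the reply can be complemented by listing what a captured page body tells a browser to load, and flagging frames that are hidden or point off-site. This is an added example, not code from the thread: the sample HTML is constructed (only the FRAME tag is quoted from the original post), and `third-party.example`, the `site_domain` parameter and the hidden-frame heuristics are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed capture of a page body. Only the FRAME tag is quoted from the
# thread; the iframe, the script and third-party.example are made up.
SAMPLE_HTML = """<html><frameset rows="100%">
<FRAME SRC="http://www2.pkink.gov.my/indexsedc.php" NAME="confcontent" scrolling=yes >
</frameset>
<iframe src="http://third-party.example/x.php" width="0" height="0"></iframe>
<script src="/js/menu.js"></script></html>"""

URL_ATTR = {"frame": "src", "iframe": "src", "script": "src",
            "embed": "src", "object": "data"}

class EmbedAudit(HTMLParser):
    """Record every resource the page tells a browser to fetch and embed."""

    def __init__(self, page_url, site_domain):
        super().__init__()
        self.page_url, self.site_domain = page_url, site_domain.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTR:
            return
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        src = a.get(URL_ATTR[tag])
        if not src:
            return
        url = urljoin(self.page_url, src)
        host = (urlparse(url).hostname or "").lower()
        # Assumption: "own site" means site_domain or any subdomain of it.
        own = host == self.site_domain or host.endswith("." + self.site_domain)
        style = a.get("style", "").replace(" ", "").lower()
        # Assumption: 0/1 pixel size or CSS hiding marks an invisible frame.
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"tag": tag, "url": url,
                              "external": not own, "hidden": hidden})

def audit(html, page_url, site_domain):
    parser = EmbedAudit(page_url, site_domain)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, "http://www.pkink.gov.my/", "pkink.gov.my"):
        print(f)
```

Run it over the body saved from the packet capture or Fiddler session, and again over each framed URL it reports, since an injected frame may sit one level down.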