How avast gets news about new threats
Read the following blog post which has been posted in avast antivirus's website. This will give you a clear idea about how avast is getting news about new threats spreading through internet.
The website of Super Glue Corporation (supergluecorp.com) makers of the world-famous adhesive, has been infected with malware. And after five days, this infection seemed to be sticking like glue.
The infection was a Trojan JavaScript Redirector which takes visitors through a series of infected sites to the final location in Russia, most likely a distribution center for fake antivirus.
The malware was first reported to the AVAST Virus Lab through the CommunityIQ system of sensors. After receiving the initial report on August 5, 20.53 CET, the Lab confirmed the infection and flagged the site to avast! users.
“The script creates a URL (hXXp://cameoprincess.com/index.php?go=lastnews&rf=) and creates a script tag with it which basically activates the code on that URL,” said Alena Varkockova, Virus Lab analyst. The ‘cameoprincess’ page contains a JavaScript code, which redirects the visitor to ‘hXXp://papucky.eu/ext/’ which redirects the visitor to ‘http://adeportes.es/images/info/js/js.php’ and then to ‘hXXp://labource.ru/iframe.php?id=0xxnnc3e8793z0nevu1f4o36ncdvg34’.
“This last address seems to be the page that contained the payload – and it is turned off for now. By using a combination of redirectors, it’s statistically difficult to uncover the precise payload,” she added. “The likely candidate is some sort of fake antivirus.”
While injected JavaScript downloaders or redirectors are fairly common, the specific AVF Trojan at the superglue site is not. “It’s not in the top fifty malware rankings, but it has already been reported in over 500 sites today,” said Ms. Varkockova.
NOTE: AVAST Software informed Super Glue Corp. by email and telephone about this malware on August 10. They removed the Trojan later that day and sent AVAST a thank you note.
The website of Super Glue Corporation (supergluecorp.com) makers of the world-famous adhesive, has been infected with malware. And after five days, this infection seemed to be sticking like glue.
The infection was a Trojan JavaScript Redirector which takes visitors through a series of infected sites to the final location in Russia, most likely a distribution center for fake antivirus.
The malware was first reported to the AVAST Virus Lab through the CommunityIQ system of sensors. After receiving the initial report on August 5, 20.53 CET, the Lab confirmed the infection and flagged the site to avast! users.
“The script creates a URL (hXXp://cameoprincess.com/index.php?go=lastnews&rf=) and creates a script tag with it which basically activates the code on that URL,” said Alena Varkockova, Virus Lab analyst. The ‘cameoprincess’ page contains a JavaScript code, which redirects the visitor to ‘hXXp://papucky.eu/ext/’ which redirects the visitor to ‘http://adeportes.es/images/info/js/js.php’ and then to ‘hXXp://labource.ru/iframe.php?id=0xxnnc3e8793z0nevu1f4o36ncdvg34’.
“This last address seems to be the page that contained the payload – and it is turned off for now. By using a combination of redirectors, it’s statistically difficult to uncover the precise payload,” she added. “The likely candidate is some sort of fake antivirus.”
While injected JavaScript downloaders or redirectors are fairly common, the specific AVF Trojan at the superglue site is not. “It’s not in the top fifty malware rankings, but it has already been reported in over 500 sites today,” said Ms. Varkockova.
NOTE: AVAST Software informed Super Glue Corp. by email and telephone about this malware on August 10. They removed the Trojan later that day and sent AVAST a thank you note.
What did you understand by reading this. Avast can detect thousands of viruses through it's virus database. And they are getting news about new threats via their active users in the world wide. They are using a feature which is known as avast! community. An online users browsing datas are giving to the avast servers so that they can detect new threats behavior and in the same way infected websites. So that they can make new virus database and given it to other users by giving an update. So others are protected.
The given pictures shows how Avast community can be enabled. so that the local threats in your locality can be identified by avast developers and you will be safe. In the same way new threats in your computer is detected by avast antivirus and is send to avast server and their virus lab analyses the new threat and if it is a virus avast include the database in the next update and you will be protected.
Written by admin
Posts
0 comments: