• Steel Soldiers now has a few new forums, read more about it at: New Munitions Forums!

  • Microsoft MSN, Live, Hotmail, Outlook email users may not be receiving emails. We are working to resolve this issue. Please add support@steelsoldiers.com to your trusted contacts.

Kaspersky flagging SS .js files for phishing URL

sfsearchlights

sfsearchlights

New member
10
0
0
Location
San Francisco, CA
Kaspersky flags these objects - are the .js files hacked to point to a phishing site or is the phishing database triggering on all of SS?vbulletin_attachment.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_attachment.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:40 AM http://www.steelsoldiers.com/clientscript/ vbulletin_textedit.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_textedit.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:40 AM http://www.steelsoldiers.com/clientscript/ vbulletin_lightbox.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_lightbox.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/ vbulletin-editor.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-editor.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/yui/connection/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ animation-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/animation/animation-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:26 AM http://www.steelsoldiers.com/clientscript/yui/animation/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/yui/connection/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/ animation-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/animation/animation-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:05 AM http://www.steelsoldiers.com/clientscript/yui/animation/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/yui/connection/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/ animation-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/animation/animation-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/yui/animation/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/yui/connection/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/yui/connection/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:16:59 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:16:59 AM http://www.steelsoldiers.com/clientscript/yui/connection/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:16:59 AM http://www.steelsoldiers.com/clientscript/ vbulletin_md5.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_md5.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:10:16 AM http://www.steelsoldiers.com/clientscript/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:10:16 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:10:16 AM http://www.steelsoldiers.com/clientscript/ vbulletin_md5.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_md5.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:09:57 AM http://www.steelsoldiers.com/clientscript/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:09:56 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:09:56 AM http://www.steelsoldiers.com/clientscript/
 
patracy

patracy

Administrator
Staff member
Administrator
14,637
4,805
113
Location
Buchanan, GA
There was an exploit that happened yesterday morning at ~3:40am. Google had flagged it, but apparently they've cleared it. I didn't know about the kaspersky alert. I found their website and outlined the events/steps taken.

For what it's worth, the index.html file that was loaded as well as those folders have been removed. A scan on the clientscript folders show no infections, and the dates of the files you listed are of that of the install date. (Where as the exploited files had dates of 1/3/14)
[root@www steelsol]# clamscan --infected --recursive /home/XXXXXX/XXXXXXXXX/clientscript

----------- SCAN SUMMARY -----------
Known viruses: 3055176
Engine version: 0.98
Scanned directories: 201
Scanned files: 623
Infected files: 0
Data scanned: 13.42 MB
Data read: 5.42 MB (ratio 2.48:1)
Time: 13.201 sec (0 m 13 s)
Click to expand...
 
D

DavisM38

New member
31
0
0
Location
Minnesota
My Kaspersky is also flagging the site. I get multiple warnings with each page I go to. Kaspersky is successfully blocking but figured you should know its still happening.
 
patracy

patracy

Administrator
Staff member
Administrator
14,637
4,805
113
Location
Buchanan, GA
I haven't heard back from them. Unfortunately I have no control over when they update their databases.
 
patracy

patracy

Administrator
Staff member
Administrator
14,637
4,805
113
Location
Buchanan, GA
And just as a sanity check...

clamscan --infected --recursive /home/XXXXX/XXXXXXXX/clientscript

----------- SCAN SUMMARY -----------
Known viruses: 3055176
Engine version: 0.98
Scanned directories: 201
Scanned files: 623
Infected files: 0
Data scanned: 13.42 MB
Data read: 5.42 MB (ratio 2.48:1)
Time: 22.335 sec (0 m 22 s)
Click to expand...
 
Al Harvey

Al Harvey

Active member
1,152
19
38
Location
Dover, TN
If you go into the setting on Kaspersky you can add steelsoldiers as a trusted site and it won't cause all the flags as it opens. At least until they are willing to accept us as we are. lol
 
patracy

patracy

Administrator
Staff member
Administrator
14,637
4,805
113
Location
Buchanan, GA
Super Warrantman said:
Still flagging the Steel Soldiers site as of 10 Jan. Oddly enough, this is the only site I get that reaction from Kaspersky when I attempt to read the content.
Click to expand...
Perhaps if everyone would start opening cases/emailing/reporting the links as errors, Kaspersky would update their database.
 
You must log in or register to reply here.
110,800members
165,252threads
2,325,158posts
752online users
Top