aluigi.org is "infected"

Doubts, help and support about QuickBMS and other game research tools
hhrhhr
Posts: 36
Joined: Sun Jan 18, 2015 11:22 pm

aluigi.org is "infected"

Post by hhrhhr »

I use the secure Yandex DNS servers, and today I found that the site is considered "infected". Translated message:
Yandex periodically checks sites to warn users of dangerous pages. The last check (less than two days old) showed that malicious code was placed on the site. This could be either at the request of the owners or without their knowledge, as a result of malicious acts.

Malicious code:

It contains Mal / JSShell-B (according to the company Sophos).


It's not a problem for me, but in your place I would have written to Sophos support about the false positive.
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: aluigi.org is "infected"

Post by aluigi »

Thanks for the info.
Honestly I don't have the slightest idea of what it means: first because in the last months I have updated only quickbms and the scripts (the rest of the website is untouched), then because there is no file name or other additional information, and then because there is nothing even similar to code like this (the metasploit code that is probably related to that Mal/JSShell-B).

The files online are 100% original so I guess it's one of the usual false positives coming from my old open source proof-of-concepts.

aluigi.altervista.org is reported ok (aluigi.org is simply a redirect to aluigi.altervista.org, it contains nothing).

Anyway the problem is yandex. Sophos is simply used as a link to the information of what has been found.

Are you using the DNS 77.88.8.88/2?
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: aluigi.org is "infected"

Post by aluigi »

Mah, in the meantime I have used https://feedback2.yandex.com/dns/nophishing/ to report the false positive.
hhrhhr
Posts: 36
Joined: Sun Jan 18, 2015 11:22 pm

Re: aluigi.org is "infected"

Post by hhrhhr »

Code:

77.88.8.88, 77.88.8.2, 77.88.8.7, 77.88.8.3:
aluigi.org.             1200    IN      A       213.180.193.250

77.88.8.8, 77.88.8.1:
aluigi.org.             10800   IN      A       217.70.184.38
aluigi.org.             10800   IN      NS      c.dns.gandi.net.
aluigi.org.             10800   IN      NS      a.dns.gandi.net.
aluigi.org.             10800   IN      MX      50 fb.mail.gandi.net.
aluigi.org.             10800   IN      MX      10 spool.mail.gandi.net.
aluigi.org.             10800   IN      SOA     a.dns.gandi.net. hostmaster.gandi.net. 1355402945 10800 3600 604800 10800
aluigi.org.             10800   IN      NS      b.dns.gandi.net.


aluigi.altervista.org works ok. I tried to inform Yandex of the false positive, but reaching them is usually as difficult as reaching Google ;)
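As an added example (not code from the thread or from aluigi), a small Python script that parses the dig-style comparison in the post above and reports which resolvers answer differently from a chosen reference resolver. The sample text is constructed from that post, and the assumption is that 77.88.8.8 is the plain, non-filtering resolver to compare against.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the dig output in the post above: the first
# resolver group answers with one A record, the second with the zone's own data.
SAMPLE = """\
77.88.8.88, 77.88.8.2, 77.88.8.7, 77.88.8.3:
aluigi.org.             1200    IN      A       213.180.193.250

77.88.8.8, 77.88.8.1:
aluigi.org.             10800   IN      A       217.70.184.38
aluigi.org.             10800   IN      NS      c.dns.gandi.net.
aluigi.org.             10800   IN      MX      10 spool.mail.gandi.net.
"""

# owner, ttl, class IN, type, rdata
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\w+)\s+(.+)$")


def parse_groups(text):
    """Return {resolver_ip: {rrtype: set(rdata)}} from 'ip, ip:' headed dig-style text."""
    groups, current = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):  # header line listing the resolvers queried
            current = [ip.strip() for ip in line[:-1].split(",")]
            for ip in current:
                groups.setdefault(ip, defaultdict(set))
            continue
        m = RR_RE.match(line)
        if m:  # resource record line belongs to every resolver in the current group
            _, _, rrtype, rdata = m.groups()
            for ip in current:
                groups[ip][rrtype].add(rdata.strip())
    return groups


def differing_resolvers(groups, reference_ip, rrtype="A"):
    """Resolvers whose answer set for rrtype differs from the reference resolver's."""
    ref = frozenset(groups[reference_ip].get(rrtype, ()))
    return sorted(ip for ip, rr in groups.items()
                  if frozenset(rr.get(rrtype, ())) != ref)


if __name__ == "__main__":
    g = parse_groups(SAMPLE)
    # Resolvers answering differently from the assumed non-filtering 77.88.8.8
    print(differing_resolvers(g, "77.88.8.8"))
```

A resolver that rewrites the A record while dropping the zone's NS/MX/SOA data, as the first group does here, is the signature of resolver-side filtering rather than a change on the site itself.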
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: aluigi.org is "infected"

Post by aluigi »

Ok, please keep me updated if something changes in the next days/weeks.