 Its a Secret Whatever Premium join:2008-02-23 U B Funny
·Shaw
| Malware on grandcanyonskywalk.com or FP? Avast! is warning me over malicious code in an iframe on the page. Dr. Web's link checker says it's clean, however.
hxxp://www.grandcanyonskywalk.com/mainmenu.html
Anyone else getting this with another AV? -- "In the future, that which is not mandatory will be illegal" "Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
  CurtesyFlush Bababooey, fafafooey, tatatoothy. Premium join:2002-08-23 Fontana, CA | Re: Malware on grandcanyonskywalk.com or FP? I see 3 scripts from webaliser.net that want to run. Not running them, though. -- My dog walks on water. | |
|
 beefcake122
join:2001-03-24 Tucson, AZ | Firefox 3.5 says it "cannot initialize site". It never tries to load. | |
|
 |  mysec Premium join:2005-11-29
| Re: Malware on grandcanyonskywalk.com or FP? said by beefcake122 : Firefox 3.5 says it "cannot initialize site". It never tries to load. www.grandcanyonskywalk.com won't load in IE6 or Opera either.
Try: www.grandcanyonskywalk.com/mainmenu.html
Searching for webaliser.net that was in the i-frame pulls up different opinions about that site.
---- rich | |
|
  jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ | Of course, using Avast, I got the same warning for which I naturally aborted the connection. | |
|
 Mele20 Premium join:2001-06-05 Hilo, HI
| The Proxomitron blocks the scripts there. I get a blank page on Fx3 with a toggle switch in the center of the page for Flash. Evidently the site is entirely behind Flash. I don't have Flash Player and I don't think Proxo blocking a script would make the page entirely blank. Bypassing Proxo also gets me a blank page with an icon to download Flash Player. -- "The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
 |   Grail Knight Who Dares Wins Premium join:2003-05-31 | Re: Malware on grandcanyonskywalk.com or FP? Noscript does the same thing in Fx. -- "Facts not FUD!" | |
|
 bobince
join:2002-04-19 DE
2 edits | Yes, the webaliser iframe is a known attack. Currently webaliser.net is down, so it's not serving up any actual exploits, but the grandcanyonskywalk.com server is definitely compromised and needs fixing.
(Note: the real Webalizer domain is spelled with a 'z'.) | |
|
 GuruGuy
join:2002-12-16 Atlanta, GA | Anyone reported this to them? -- GuruGuy | |
|
 |   Its a Secret Whatever Premium join:2008-02-23 U B Funny | Re: Malware on grandcanyonskywalk.com or FP? Yes, I did fire off an email referencing this thread to them. | |
|
 GuruGuy
join:2002-12-16 Atlanta, GA 1 edit | I get this from avira:
Requested URL: www.grandcanyonskywalk.com/mainmenu.html Information Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus -- GuruGuy | |
|
  Grail Knight Who Dares Wins Premium join:2003-05-31 | Fx v3.5.1 says it "Can not initialize." -- "Facts not FUD!" | |
|
 |  GuruGuy
join:2002-12-16 Atlanta, GA
| Re: Malware on grandcanyonskywalk.com or FP? said by Grail Knight :Fx v3.5.1 says it "Can not initialize." Mine did too at first, then I typed it in as
www.grandcanyonskywalk.com
And it worked. After I clicked the little English button below I got the Avira warning. -- GuruGuy | |
|
 |  |   Woody79_00
join:2004-07-08 united state
| Re: Malware on grandcanyonskywalk.com or FP? I am also running Avira, but when I loaded that page, the HAVP (HTTP Antivirus Proxy) running ClamAV on my pfsense box (which scans all traffic passing through my pfsense box with ClamAV) threw up this warning before Avira even got a chance to do anything:
"This page was blocked because it contained the following virus: PUA JS.Obfus-2"
So I would say it's infected... | |
|
 |  |   Grail Knight Who Dares Wins Premium join:2003-05-31 | I see I will check it out later then with the manual input. Thanks. -- "Facts not FUD!" | |
|
 |   CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX | Interesting stuff here.. Tried at home with KAV and IE 8.. get similar results.. At work with Norton... site opens right up in IE 6.. hmmm -- da Cajun Darn I hate Malware | |
|
 |  |  GuruGuy
join:2002-12-16 Atlanta, GA
| Re: Malware on grandcanyonskywalk.com or FP? said by CajunTek :Interesting stuff here.. Tried at home with KAV and IE 8.. get similar results.. At work with Norton... site opens right up in IE 6.. hmmm That's norton for you -- GuruGuy | |
|
 |  |  |
 munky99999 Munky
join:2004-04-10 canada clubs: | Has been fixed or something. I can't seem to find any problems. | |
|
 |   Its a Secret Whatever Premium join:2008-02-23 U B Funny | Re: Malware on grandcanyonskywalk.com or FP? No, it's still there. | |
|
 |  |  |
 |  |  |  GuruGuy
join:2002-12-16 Atlanta, GA
| Re: Malware on grandcanyonskywalk.com or FP? said by NetFixer : said by Its a Secret : No, it's still there. The code on the grandcanyonskywalk.com web site may still be there, but webaliser.net is no longer to be found (at least with the DNS servers I use/tried).
webhost:/ # nslookup webaliser.net
Server: 192.168.10.1
Address: 192.168.10.1#53
** server can't find webaliser.net: SERVFAIL
webhost:/ # nslookup webaliser.net 68.94.156.1
Server: 68.94.156.1
Address: 68.94.156.1#53
** server can't find webaliser.net: SERVFAIL
webhost:/ # nslookup webaliser.net 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53
** server can't find webaliser.net: SERVFAIL
webhost:/ # ping webaliser.net
ping: unknown host webaliser.net
Try flushing your browser and/or DNS cache, and see if you still get the alert message.
Still getting the AV alert after clicking the English flag after the Flash page loads... still an issue. -- GuruGuy | |
|
 |  |  |  |  |
 |  |  |   Its a Secret Whatever Premium join:2008-02-23 U B Funny
·Shaw
1 edit | said by NetFixer : Try flushing your browser and/or DNS cache, and see if you still get the alert message. Have done that. Interesting though, I went to reply to you and got the Avast! virus alert! -- "In the future, that which is not mandatory will be illegal" "Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
 |  |  |  |  |
 |  |  |  |  |   Its a Secret Whatever Premium join:2008-02-23 U B Funny 1 edit | Re: Malware on grandcanyonskywalk.com or FP? I got the same thing: *** Can't find address for server webaliser.net: Server failed
Interesting. Why would replying to your post trigger this? | |
|
 |  |  |  |  |  |   NetFixer Freedom is NOT Free Premium join:2004-06-24 Murfreesboro, TN
·Vonage
·Cingular Wireless
·AT&T CallVantage
·AT&T Southeast
1 edit | Re: Malware on grandcanyonskywalk.com or FP? said by Its a Secret : I got the same thing: *** Can't find address for server webaliser.net: Server failed Interesting. Why would replying to your post trigger this? Because I posted the iframe url link, and apparently just seeing that code (even though it is only text in the DSLR [code]...[/code] posting) is enough to trigger the Avast! warning alarm (just as it is sufficient to trigger the same alarm on the grandcanyonskywalk.com site even though the webaliser.net is not actually reachable). -- A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. »portscan.dcs-net.net »nature-pics.com | |
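A static check of the kind the posts above describe, added here as an example and not code from any poster: it lists iframe/script sources on a page that point off-site and flags a host one character away from a known name, all without any DNS lookup, which is why a scanner still alerts while webaliser.net returns SERVFAIL. The sample markup, its path, and the names `audit` and `KNOWN_GOOD` are assumptions; only the two hostnames come from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the thread never shows the injected markup, so the
# attributes and paths are placeholders; only the hostnames are from the thread.
SAMPLE_PAGE = """<html><body>
<script src="/js/menu.js"></script>
<iframe src="http://webaliser.net/PLACEHOLDER" width="1" height="1"></iframe>
<script src="http://www.grandcanyonskywalk.com/js/flash.js"></script>
</body></html>"""

KNOWN_GOOD = {"webalizer"}  # assumed list of names a lookalike might imitate

class SrcCollector(HTMLParser):
    """Collect (tag, src) for every iframe and script element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "script") and src:
            self.sources.append((tag, src))

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    # Simplification: last two labels; use a public-suffix list in practice.
    return ".".join(host.lower().split(".")[-2:])

def audit(html, site_host):
    """Return off-site iframe/script hosts; purely textual, no network access."""
    parser = SrcCollector()
    parser.feed(html)
    findings = []
    for tag, src in parser.sources:
        host = urlparse(src).hostname
        if host is None or base_domain(host) == base_domain(site_host):
            continue  # relative or same-site source
        label = base_domain(host).split(".")[0]
        near = next((g for g in KNOWN_GOOD if edit_distance(label, g) == 1), None)
        findings.append({"tag": tag, "host": host, "lookalike_of": near})
    return findings
```
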