Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


August 11th, 2011

AVAST Software: Superglue site stuck with malware

PRAGUE, Czech Republic, August 10, 2011 – The website of Super Glue Corporation (supergluecorp.com) makers of the world-famous adhesive, has been infected with malware. And after five days, this infection seemed to be sticking like glue.

The infection was a Trojan JavaScript Redirector which takes visitors through a series of infected sites to the final location in Russia, most likely a distribution center for fake antivirus.

 

The malware was first reported to the AVAST Virus Lab through the CommunityIQ system of sensors. After receiving the initial report on August 5, 20.53 CET, the Lab confirmed the infection and flagged the site to avast! users.

“The script creates a URL (hXXp://cameoprincess.com/index.php?go=lastnews&rf=) and creates a script tag with it which basically activates the code on that URL,” said Alena Varkockova, Virus Lab analyst. The ‘cameoprincess’ page contains a JavaScript code, which redirects the visitor to ‘hXXp://papucky.eu/ext/’ which redirects the visitor to ‘http://adeportes.es/images/info/js/js.php’ and then to ‘hXXp://labource.ru/iframe.php?id=0xxnnc3e8793z0nevu1f4o36ncdvg34’.

“This last address seems to be the page that contained the payload – and it is turned off for now. By using a combination of redirectors, it’s statistically difficult to uncover the precise payload,” she added. “The likely candidate is some sort of fake antivirus.”

While injected JavaScript downloaders or redirectors are fairly common, the specific AVF Trojan at the superglue site is not. “It’s not in the top fifty malware rankings, but it has already been reported in over 500 sites today,” said Ms. Varkockova.

NOTE: AVAST Software informed Super Glue Corp. by email and telephone about this malware on August 10. They removed the Trojan later that day and sent AVAST a thank you note.

 

 

Categories: Uncategorized Tags:
  • http://hossam hhh1_4

    hossam

  • rigo

    whats this malaware do??

  • http://hacktohell.blogspot.com HackToHell

    @rigo
    As told it redirects the webpage to Viruses ( Fake AV’s )

  • http://www.avast.com hassan

    verry good antiverice

  • http://hacktohell.blogspot.com HackToHell
  • http://www.avast.com Jindřich Kubec

    XSS bug was fixed few days ago, as soon as we got the report. Since we don’t ask for any credentials on our web, there’s no direct risk to the visitors of our website.

  • Jasper Fang

    This is some thing funny, why would some one attack a super glue site? Is it because their virus would stick on that glue? lol…

  • shamsher

    u r the best..

  • Ohrid

    Great job Avast, keep up the great work!

  • http://www.aq-angga.co.cc anno

    wow avast bekerja sangat maksimal itu yang di butuhkan oleh para pengguna avast, saya rasa avast adalah salah satu anti virus internasional yang ampuh. semoga dapat terus maju dan dapat menuntaskan virus-virus komputer yang menyebar. this comment in bahasa indonesia if you want to know please translate to english as international language.

  • http://yoetama.blogspot.com yanita

    whether the many sites contain this malware ?

  • yanto chiang

    yanita :
    whether the many sites contain this malware ?

    Hi Yanita,

    It is depend how secured and strength your web server before publish to public.

    cheers,

    Yanto Chiang

  • http://hacktohell.blogspot.com HackToHell

    @Jindřich Kubec
    Well yes :) i realized

  • Lily

    I just realized for the first time this morning that whenever an alert popup from Avast! pops up, I jump. XD

  • mike hawk

    Sounds like a sticky problem…

  • http://freesecurityseminar.wikispaces.com/ Norbert (Bob) Gostischa

    The computer club members attending the Free Security Seminar sponsored by Avast have been getting a chuckle out of the fact that something this sticky was actually attacked.
    I always get some laughs when the 2 slides related to this attack are shown and explained.
    They are even more surprised to realize that the AVG link scanner didn’t block this site.