Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

August 11th, 2011

AVAST Software: Superglue site stuck with malware

PRAGUE, Czech Republic, August 10, 2011 – The website of Super Glue Corporation (supergluecorp.com) makers of the world-famous adhesive, has been infected with malware. And after five days, this infection seemed to be sticking like glue.

The infection was a Trojan JavaScript Redirector which takes visitors through a series of infected sites to the final location in Russia, most likely a distribution center for fake antivirus.

 

The malware was first reported to the AVAST Virus Lab through the CommunityIQ system of sensors. After receiving the initial report on August 5, 20.53 CET, the Lab confirmed the infection and flagged the site to avast! users.

“The script creates a URL (hXXp://cameoprincess.com/index.php?go=lastnews&rf=) and creates a script tag with it which basically activates the code on that URL,” said Alena Varkockova, Virus Lab analyst. The ‘cameoprincess’ page contains a JavaScript code, which redirects the visitor to ‘hXXp://papucky.eu/ext/’ which redirects the visitor to ‘http://adeportes.es/images/info/js/js.php’ and then to ‘hXXp://labource.ru/iframe.php?id=0xxnnc3e8793z0nevu1f4o36ncdvg34’.

“This last address seems to be the page that contained the payload – and it is turned off for now. By using a combination of redirectors, it’s statistically difficult to uncover the precise payload,” she added. “The likely candidate is some sort of fake antivirus.”

While injected JavaScript downloaders or redirectors are fairly common, the specific AVF Trojan at the superglue site is not. “It’s not in the top fifty malware rankings, but it has already been reported in over 500 sites today,” said Ms. Varkockova.

NOTE: AVAST Software informed Super Glue Corp. by email and telephone about this malware on August 10. They removed the Trojan later that day and sent AVAST a thank you note.

 

 

Categories: Uncategorized Tags:
  1. August 11th, 2011 at 14:50 | #1

    hossam

  2. rigo
    August 11th, 2011 at 14:51 | #2

    whats this malaware do??

  3. August 11th, 2011 at 15:21 | #3

    @rigo
    As told it redirects the webpage to Viruses ( Fake AV’s )

  4. August 11th, 2011 at 15:22 | #4

    verry good antiverice

  5. August 11th, 2011 at 16:13 | #6

    XSS bug was fixed few days ago, as soon as we got the report. Since we don’t ask for any credentials on our web, there’s no direct risk to the visitors of our website.

  6. Jasper Fang
    August 11th, 2011 at 16:17 | #7

    This is some thing funny, why would some one attack a super glue site? Is it because their virus would stick on that glue? lol…

  7. shamsher
    August 11th, 2011 at 17:14 | #8

    u r the best..

  8. Ohrid
    August 11th, 2011 at 21:43 | #9

    Great job Avast, keep up the great work!

  9. August 11th, 2011 at 23:27 | #10

    wow avast bekerja sangat maksimal itu yang di butuhkan oleh para pengguna avast, saya rasa avast adalah salah satu anti virus internasional yang ampuh. semoga dapat terus maju dan dapat menuntaskan virus-virus komputer yang menyebar. this comment in bahasa indonesia if you want to know please translate to english as international language.

  10. August 12th, 2011 at 05:19 | #11

    whether the many sites contain this malware ?

  11. yanto chiang
    August 12th, 2011 at 10:38 | #12

    yanita :
    whether the many sites contain this malware ?

    Hi Yanita,

    It is depend how secured and strength your web server before publish to public.

    cheers,

    Yanto Chiang

  12. August 12th, 2011 at 16:31 | #13

    @Jindřich Kubec
    Well yes :) i realized

  13. Lily
    August 12th, 2011 at 23:01 | #14

    I just realized for the first time this morning that whenever an alert popup from Avast! pops up, I jump. XD

  14. mike hawk
    August 13th, 2011 at 01:55 | #15

    Sounds like a sticky problem…

  15. August 15th, 2011 at 19:31 | #16

    The computer club members attending the Free Security Seminar sponsored by Avast have been getting a chuckle out of the fact that something this sticky was actually attacked.
    I always get some laughs when the 2 slides related to this attack are shown and explained.
    They are even more surprised to realize that the AVG link scanner didn’t block this site.

Comments are closed.