Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw

Malware on grandcanyonskywalk.com or FP?

Avast! is warning me over malicious code in an iframe on the page. Dr. Web's link checker says it's clean, however.

hxxp://www.grandcanyonskywalk.com/mainmenu.html

Anyone else getting this with another AV?
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous


CurtesyFlush
Bababooey, fafafooey, tatatoothy.
Premium
join:2002-08-23
Fontana, CA
I see 3 scripts from webaliser.net that want to run. Not running them, though.
--
My dog walks on water.

beefcake122

join:2001-03-24
Tucson, AZ
reply to Its a Secret
Firefox 3.5 says it "cannot initialize site". It never tries to load.


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
reply to Its a Secret
Of course, using Avast, I got the same warning for which I naturally aborted the connection.

mysec
Premium
join:2005-11-29

reply to beefcake122
said by beefcake122:

Firefox 3.5 says it "cannot initialize site". It never tries to load.

www.grandcanyonskywalk.com won't load in IE6 or Opera either.

Try: www.grandcanyonskywalk.com/mainmenu.html

Searching for webaliser.net that was in the i-frame pulls up different opinions about that site.

----
rich

Mele20
Premium
join:2001-06-05
Hilo, HI

reply to Its a Secret
The Proxomitron blocks the scripts there. I get a blank page on Fx3 with a toggle switch in the center of the page for Flash. Evidently the site is entirely behind Flash. I don't have Flash Player and I don't think Proxo blocking a script would make the page entirely blank. Bypassing Proxo also gets me a blank page with an icon to download Flash Player.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

bobince

join:2002-04-19
DE


reply to Its a Secret
Yes, the webaliser iframe is a known attack. Currently webaliser.net is down, so it's not serving up any actual exploits, but the grandcanyonskywalk.com server is definitely compromised and needs fixing.

(Note: the real Webalizer domain is spelled with a 'z'.)

GuruGuy

join:2002-12-16
Atlanta, GA
reply to Its a Secret
Anyone reported this to them?
--
GuruGuy

GuruGuy

join:2002-12-16
Atlanta, GA

reply to Its a Secret
I get this from avira:

Requested URL: www.grandcanyonskywalk.com/mainmenu.html
Information Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
--
GuruGuy


Grail Knight
Who Dares Wins
Premium
join:2003-05-31
reply to Its a Secret
Fx v3.5.1 says it "Can not initialize."
--
"Facts not FUD!"

GuruGuy

join:2002-12-16
Atlanta, GA

said by Grail Knight:

Fx v3.5.1 says it "Can not initialize."
Mine did too at first, then I typed it in as

www.grandcanyonskywalk.com

And it worked. After I clicked the little English button below I got the Avira warning.
--
GuruGuy


Woody79_00

join:2004-07-08
united state

I am also running Avira, but when I loaded that page, the HAVP (HTTP Antivirus Proxy) running ClamAV on my pfSense box (which scans all traffic passing through my pfSense box with ClamAV) threw up this warning before Avira even got a chance to do anything:

"This page was blocked because it contained the following virus: PUA JS.Obfus-2"

So I would say it's infected...


Grail Knight
Who Dares Wins
Premium
join:2003-05-31
reply to GuruGuy
I see. I will check it out later then with the manual input.
Thanks.
--
"Facts not FUD!"


Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
reply to GuruGuy
Yes, I did fire off an email referencing this thread to them.

munky99999
Munky

join:2004-04-10
canada
reply to Its a Secret
Has been fixed or something. I can't seem to find any problems.


Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
No, it's still there.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage


said by Its a Secret:

No, it's still there.
The code on the grandcanyonskywalk.com web site may still be there, but webaliser.net is no longer to be found (at least with the DNS servers I use/tried).




webhost:/ # nslookup webaliser.net
Server: 192.168.10.1
Address: 192.168.10.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 68.94.156.1
Server: 68.94.156.1
Address: 68.94.156.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # ping webaliser.net
ping: unknown host webaliser.net



Try flushing your browser and/or DNS cache, and see if you still get the alert message.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
»portscan.dcs-net.net
»nature-pics.com


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
reply to Grail Knight
Interesting stuff here.. Tried at home with KAV and IE 8.. get similar results.. At work with Norton... site opens right up in IE 6.. hmmm
--
da Cajun Darn I hate Malware

GuruGuy

join:2002-12-16
Atlanta, GA

reply to NetFixer
said by NetFixer:

said by Its a Secret:

No, it's still there.
The code on the grandcanyonskywalk.com web site may still be there, but webaliser.net is no longer to be found (at least with the DNS servers I use/tried).




webhost:/ # nslookup webaliser.net
Server: 192.168.10.1
Address: 192.168.10.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 68.94.156.1
Server: 68.94.156.1
Address: 68.94.156.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # ping webaliser.net
ping: unknown host webaliser.net



Try flushing your browser and/or DNS cache, and see if you still get the alert message.
Still getting the AV alert after clicking the English flag after the Flash page loads... still an issue.
--
GuruGuy

GuruGuy

join:2002-12-16
Atlanta, GA

reply to CajunTek
said by CajunTek:

Interesting stuff here.. Tried at home with KAV and IE 8.. get similar results.. At work with Norton... site opens right up in IE 6.. hmmm
That's Norton for you.
--
GuruGuy
© 1999-2009 dslreports.com