×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jameshvibe
Former Member
Message 1 of 8

Site Testing - electikrecords.com, mundermusic.com

Jump to solution

Is there anyone that could help me with this:

I have a few websites up and running and i have now started reciving a  McAfee warning about the site when i type in the url to the search bar,

is this because the site has not been tested yet? if so how can i get the site tested ? lol

im new to this

Message was edited by: Hayton - modified subject header to add site names - on 16/02/12 20:36:08 GMT
1 Solution

Accepted Solutions
Hayton
Reliable Contributor
Reliable Contributor
Message 8 of 8

Re: Site Testing

Jump to solution

Your Javascript malware has been identified as the results of a serious attack involving the Blackhole Exploit kit. As your sites were constructed using WordPress it is possible that (although the version is shown as 3.3.1) they were in fact built using an earlier version, since 3.2.1 is known to have been vulnerable to malware attack.


Malware entry: MW:JS:160



Description: This malware infects a web site through a compromised desktop (with virus), where it steals any stored password from the FTP client and uses that to attack the site.

Note that every PHP, HTML and JS file can get compromised by this malware. On some variations of this attack, it is also compromised through vulnerable versions of Timthumb/WordPress.

Some anti virus programs will flag this type of malware (after infecting a computer) as Blackhole Exploit kit or similar names.

Affecting: Any web site with FTP enabled (and password stolen).

View solution in original post

7 Replies
flogger
Former Member
Message 2 of 8

Re: Site Testing

Jump to solution

I think you need to add a certificate of the website to Mcafee. I'm just not sure on how to do this.

Hayton
Reliable Contributor
Reliable Contributor
Message 3 of 8

Re: Site Testing

Jump to solution

A warning means more than Not Tested. What's the website?

jameshvibe
Former Member
Message 4 of 8

Re: Site Testing

Jump to solution

2 sites. www.electikrecords.com and www.mundermusic.com  the warning is not coming up for me anymore but from what i know it is for others?

jameshvibe
Former Member
Message 5 of 8

Re: Site Testing

Jump to solution

If anyone wants to offer help with this id be really greatful

Dinz
Former Member
Message 6 of 8

Re: Site Testing

Jump to solution

Hi james,

Please Submit your rating dispute via email at support@siteadvisor.com or online at http://www.siteadvisor.com/userfeedback.html. During the evaluation of this dispute, McAfee communicates with site owners via email.

Regards,

Hayton
Reliable Contributor
Reliable Contributor
Message 7 of 8

Re: Site Testing

Jump to solution

It's not just a case of a SiteAdvisor false positive, or site testing not yet complete.

First, McAfee isn't blocking either of these sites, or showing warnings about them. The sites have a proviional Green rating, but testing of them is not yet complete (the SiteAdvisor pages for them show the grey question mark symbol). The blocking and warnings come from elsewhere.

The Google Safe Browsing page for electikrecords.com is HERE, and this is Google's blocking page :

electik records.JPG

Sucuri gives this site the thumbs-down because of Google's malware notice :

Sucuri SiteCheck - electik records.png

BrowserDefender says OK but shows the server is in Lithuania. Is that right?

mundermusic.com in Chrome says it needs to install an additional plug-in but doesn't say what that might be. Not Flash, because I have that. What plug-in is it asking for?

SiteAdvisor has this site as Green but Sucuri site checking gives a different picture -

Sucuri SiteCheck - mundermusic.png

BrowserDefender has not rated this site but says the server is in the United States : Chrome Flag info shows it somewhere in the Russian Federation. I would have expected these two sites to be on the same server?

Neither SiteAdvisor not TrustedSource shows any problem with these sites, and ratings from other bodies (including Norton SafeWeb) show no problems. Some of those tests will be more recent than others, but both sites must for the moment be considered as infected with malware.

You should probably contact Google as a matter of urgency, since their flagging of electikrecords as a malicious site will be noted and copied by other rating bodies. And check the javascript code listed in the Sucuri analysis - there are about 8 or 10 separate malware detections shown.

Message was edited by: Hayton on 16/02/12 20:21:24 GMT
Hayton
Reliable Contributor
Reliable Contributor
Message 8 of 8

Re: Site Testing

Jump to solution

Your Javascript malware has been identified as the results of a serious attack involving the Blackhole Exploit kit. As your sites were constructed using WordPress it is possible that (although the version is shown as 3.3.1) they were in fact built using an earlier version, since 3.2.1 is known to have been vulnerable to malware attack.


Malware entry: MW:JS:160



Description: This malware infects a web site through a compromised desktop (with virus), where it steals any stored password from the FTP client and uses that to attack the site.

Note that every PHP, HTML and JS file can get compromised by this malware. On some variations of this attack, it is also compromised through vulnerable versions of Timthumb/WordPress.

Some anti virus programs will flag this type of malware (after infecting a computer) as Blackhole Exploit kit or similar names.

Affecting: Any web site with FTP enabled (and password stolen).

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community