[clamav-users] Can't detect deceptive URL's as infected !!
Steve Basford
steveb_clamav at sanesecurity.com
Tue Dec 11 15:52:20 UTC 2018
On Tue, December 11, 2018 1:58 pm, Sunny Marwah wrote:
Hi Sunny/All,
Here's the summary....
The phishing attempt looks like this html code:
h-t-t-p-s:/-/-pastebin DOT com/TL5WUJZh
This first link is just a hijacked graphic and won't be in safebrowsing...
h-t-t-p-s:-/-/gokdenizhealthtourism DOT com/js/logo.gif
This next link, is the bad" phishing link is:
h-t-t-p-s:/-/-nompao DOT com/boa.php
The above link is currently blank and isn't in currently safebrowsing,
however, you can report it here:
https://safebrowsing.google.com/safebrowsing/report_badware/
VirusTotal is showing a clean link too on the phishing link:
https://www.virustotal.com/#/url/27abfb7ec2849ebadf75dcf899bc0f2aa3a491897bcef3ad2179ed30bb2eb258/detection
You can submit the sample to ClamAV to add detection of the phish contents
here (regardless of the url's that are being used)
https://www.clamav.net/reports/malware
--
Cheers,
Steve
Twitter: @sanesecurity
More information about the clamav-users
mailing list