[clamav-users] Can't detect deceptive URL's as infected !!

Steve Basford steveb_clamav at sanesecurity.com
Tue Dec 11 10:52:20 EST 2018


On Tue, December 11, 2018 1:58 pm, Sunny Marwah wrote:

Hi Sunny/All,

Here's the summary....

The phishing attempt looks like this html code:

h-t-t-p-s:/-/-pastebin DOT com/TL5WUJZh

This first link is just a hijacked graphic and won't be in safebrowsing...

h-t-t-p-s:-/-/gokdenizhealthtourism DOT com/js/logo.gif

This next link, is the bad" phishing link is:

h-t-t-p-s:/-/-nompao DOT com/boa.php

The above link is currently blank and isn't in currently safebrowsing,
however, you can report it here:

https://safebrowsing.google.com/safebrowsing/report_badware/

VirusTotal is showing a clean link too on the phishing link:

https://www.virustotal.com/#/url/27abfb7ec2849ebadf75dcf899bc0f2aa3a491897bcef3ad2179ed30bb2eb258/detection


You can submit the sample to ClamAV to add detection of the phish contents
here (regardless of the url's that are being used)

https://www.clamav.net/reports/malware

-- 
Cheers,

Steve
Twitter: @sanesecurity




More information about the clamav-users mailing list