Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Piwik.js ist detecte as Virus/Malware by support.clean-mx.de #10236

Closed
typoworx-de opened this issue Jun 16, 2016 · 2 comments
Closed

Piwik.js ist detecte as Virus/Malware by support.clean-mx.de #10236

typoworx-de opened this issue Jun 16, 2016 · 2 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@typoworx-de
Copy link

I just got a report forwarded from my Rootserver-ISP's abuse team regarding fraud / malware activity.

The E-Mail was generated from this page:
http://support.clean-mx.de/clean-mx/viruses.php?email=abuse@accelerated.de&response=alive

Content of the Mail about complained issues (shortened)

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

|date               |id |virusname  |ip     |domain     |Url|
+-----------------------------------------------------------------------------------------------
|2016-06-15 09:25:52 CEST   |94707355   |cleanmx_phish  |84.200.68.130  |typoworx.de    |http://piwik.typoworx.de/
+-----------------------------------------------------------------------------------------------

Note: also customer-pages including piwik.js for tracking are reported separately to me!

explanation of virusnames:
==========================
unknown_html_RFI_php    not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl   not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval   not yet detected by scanners as RFI, but suspect javascript obfuscationg evals
unknown_html_RFI    not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html    not yet detected by scanners as RFI, but suspious, may be in rare case false positive
...javascript.insert    Please pay attention for script code after 
unknown_exe not yet detected by scanners as malware, but high risk!
all other names malwarename detected by scanners
==========================

Company contact / imprint in the E-Mail:

Gerhard W. Recher
(CTO)

net4sec UG (haftungsbeschraenkt)

Leitenweg 6
D-86929 Penzing
@tsteur
Copy link
Member

tsteur commented Jun 17, 2016

ping @mattab do you have any idea if there's something to do / that we can do?

@mattab
Copy link
Member

mattab commented Jul 8, 2016

Hello,

please consult with your technical team, what is the problem. It is not related to Piwik as far as we can see. Good luck

@mattab mattab closed this as completed Jul 8, 2016
@mattab mattab added the answered For when a question was asked and we referred to forum or answered it. label Jul 8, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tsteur @mattab @typoworx-de