Author Topic: Clicked YES in Malzilla when checking an iFrame link - did it load s.th.?  (Read 3684 times)


April 21, 2011, 06:54:42 pm

rapanuy

Hi. I tried to open a link at arktis.de (big dealer, Amazon partner, they say their site is clean, other customers have no problems).

The link is found in this website (which is opening):
Code:
http://www.arktis.de/widerrufsrecht/
and leads to the following content down here:
In the event of a withdrawal, please use our printable PDF return form:
h**p://www.
arktis.de/retoure/
<--- infected link (I broke it once)

The link ...retoure should lead to a fillout form for a *.pdf:

But Avast said:
http://img130.imageshack.us/img130/676/avastd.jpg

Now I've learned from Avast that there is a redirect iFrame that's supposed to be loaded.
I tried Malzilla, loaded the link above, clicked Get, and by accident clicked Follow redirection: YES.
I saw the arktis site's source code in the Malzilla top window.

I guess that YES loaded the gzip file, but where to, and what does it do? If I click NO in Malzilla, I see:

http://img148.imageshack.us/img148/227/avasty.jpg

Is there a recommendation for a scanner? Do I have to worry? Does Malzilla really load something? Avast didn't pop up after my Malzilla YES.

Thx
Mike

MysteryFCM: Wrapped URL in code tags

April 27, 2011, 08:00:24 pm
Reply #1

rapanuy

Well, someone was firm enough to edit my question, but no one seems to know sth. 'bout my question.

No harm, I'll ask somewhere else  ;)

April 27, 2011, 09:41:47 pm
Reply #2

MysteryFCM

I thought I'd answered it when wrapping the URL in the code tags.

Malzilla doesn't actually execute anything in the same manner as the browser, so infecting your system using Malzilla is difficult if not impossible. Clicking Yes when it asks to follow a redirection doesn't mean anything will be executed; it just means it found a redirection (e.g. 301/302) header.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
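
The point made in Reply #2, as an added example that is not from the thread or from Malzilla: a static fetcher treats a 301/302 as a header to read, and a gzip-encoded body is only decompressed and parsed as text, so iframe targets can be listed without anything being rendered or run. The helper name `inspect_response`, the hosts `shop.example` / `other.example` and both sample responses are constructed assumptions.

```python
import gzip
from html.parser import HTMLParser
from urllib.parse import urljoin

class IframeLister(HTMLParser):
    """Collects iframe src attributes; parsing only, no script is run."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.sources.append(src)

def inspect_response(raw: bytes, base_url: str) -> dict:
    """Statically describe one raw HTTP/1.x response (hypothetical helper)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    report = {"status": status, "redirect_to": None, "iframes": []}
    # A redirect is only a header naming another URL to request.
    if status in (301, 302, 303, 307, 308) and "location" in headers:
        report["redirect_to"] = urljoin(base_url, headers["location"])
    # gzip is transport compression: undoing it yields bytes to read, nothing runs.
    if headers.get("content-encoding", "").lower() == "gzip" and body:
        body = gzip.decompress(body)
    parser = IframeLister()
    parser.feed(body.decode("utf-8", errors="replace"))
    report["iframes"] = [urljoin(base_url, s) for s in parser.sources]
    return report

# Constructed sample responses (placeholder hosts, not taken from the thread).
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: /form/\r\nContent-Length: 0\r\n\r\n"
PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        b"Content-Encoding: gzip\r\n\r\n"
        + gzip.compress(b'<html><body><p>Form</p>'
                        b'<iframe src="http://other.example/in.php"></iframe>'
                        b'</body></html>'))

if __name__ == "__main__":
    print(inspect_response(REDIRECT, "http://shop.example/start/"))
    print(inspect_response(PAGE, "http://shop.example/form/"))
```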

April 28, 2011, 06:46:51 am
Reply #3

rapanuy


April 28, 2011, 10:08:23 am
Reply #4

MysteryFCM


April 29, 2011, 10:26:24 am
Reply #5

MysteryFCM
