09-19-2011 11:41 AM - edited 09-19-2011 11:44 AM
I use Symantec Endpoint protection and I own http://www.vayumedia.com .
I had a few of my website's visitors tell me that they thought I had a virus on my website. When I opened my website I recevied the Norton Pop Up: [SID 24089] Web Attack: Malicious Toolkit Website 9. I receive it in Internet explorer sometimes and sometimes not.
I ran the URL thru:
Norton Safe Web: Safe
AVG Tool: Safe
Online Link scan: safe
Dr. Web: Safe
We couldn't find anything on the website. I am at a loss why Norton is reporting this.
What can I do to detect the issue and remove it from the website? Or is this a false reporting issue?
09-19-2011 12:11 PM - edited 09-19-2011 12:25 PM
Have you tried going to your site by clicking on a link in a Google search? Sometimes these types of attacks will only be triggered if there is a referrer. The fact that the attack does not launch on every visit does not mean there is not an infection - many of these are randomized to evade detection. It may not be a false positive.
09-19-2011 12:52 PM
I couldn't replicate it this moment but I had enough of the warning pop-ups and feedback from visitors that I do think it is real.
However, I don't know what tools I can use to remove this problem form the website.
09-19-2011 02:09 PM
Norton is identifying 126.96.36.199/home/index.php. if that helps at all. I am not affected on Firefox because NoScript stops the script from running. It is recognized on Internet Explorer immediately and blocked.
09-19-2011 03:50 PM
This explains why I only saw it using Internet Explorer.
This tool seems to have identified it for me: http://sitecheck.sucuri.net/scanner/
I may use them to see if they can clean it up for me.