There is a case that the web shield doesn’t work well.
The web shield doesn’t work when hxxp://www.timerental.jp/ is opened with Firefox 3.5.7, and Firefox tries to connect to the malware distribution site.
(The connection is blocked by my router. )
A standard shield works when the source code of the page is saved as a file, and detects it as JS:Illredir-C [Trj].
A similar phenomenon is confirmed also on infected other sites with JS:Illredir-C [Trj].
The connection is cut with the web shield in IE8.
Does anyone know a reason?
Log when IE8 is used
Warning : SYSTEM 1608 Sign of “JS:Illredir-C [Trj]” has been found in “hxxp://www.timerental.jp/” file.
Log when Firefox is used
– nothing
< environment >
Firefox 3.5.7
WinXP Pro SP3
IE8 (8.0.6001.18702)
avast4.8! Home (4.8.1368, VPS:100110-1, standard shield, network shield, web shield)
Works fine for me using firefox 3.5.7 also on XP Pro SP3, I get the alert (see image1) and abort connection does just that (image2) firefox shows connection reset.
If you haven’t got the following firefox add-ons I suggest you install them, NoScript and RequestPolicy. These security add-ons help prevent scripts being run and to cross site access .
Oops, If cache remains, it seems to become the above.
When I did view-source , it seems to have remained in the cache.
After I erased the cache, web shield works fine.
I did not know RequestPolicy.
I investigate it and want to add it to add-on.
If you elect to view the source avast would (or should I would have thought) alert as that source would contain the malicious script data, but in a text format.
