Again that marvelous avast! Web Shield!

Scanned: htxp://el.qaroto.com/feedback/?next=/questions/scope:all/sort:activity-desc/tags:|{gzip}

avast! Web Shield detects and blocks JS:Iframe-AQQ[Trj]

polonus

Sucuri: sitecheck.sucuri.net/results/el.qaroto.com/feedback

VirusTotal
https://www.virustotal.com/nb/file/b941f4ae3775de1094c69599e291e79585a87be4362492ce022b127b11a302c8/analysis/1385743038/

avast! Web Shield detects JS:GwLoad-A[Trj] in thethursdaylist dot com/{gzip}
Detected here: http://zulu.zscaler.com/submission/show/218c46698e9f9db91e2d8e700714f2f6-1385733760
and here: http://support.clean-mx.de/clean-mx/viruses?id=17580725
For avast detection: https://www.virustotal.com/nl/file/e924cf0960cd88bbebd7d7aa688a4e5db8e4b62804c70483af352ce6db56232c/analysis/

Not detected here: http://evuln.com/tools/malware-scanner/thethursdaylist.com/
Not detected here: http://maldb.com/thethursdaylist.com/

Verdict:

iFrame check: Suspicious register’
Suspicious Text after HTML

http://zulu.zscaler.com/submission/show/e9b64b5c5d75ab35c91839a385aff273-1385734332
Malware

polonus

This was part of the initial attack there: http://jsunpack.jeek.org/?report=e0498e7861928a097626a732feb03c2fc97fc3b9
Open in a browser with a script blocker active and in a sandbox; jsunpack is just for security researchers.

pol

This time the marvelous avast! Web Shield was triggered by a Quttera scan on htxp://www.freebannerbank.com/|{gzip}
and blocked and alerted on JS:iFrame-AYT[Trj]
This was also found by an iFrame check: Suspicious

htxp://www.freebannerbank.com/work.php?n=2&size=1&c=’ See: htxp://jsunpack.jeek.org/?report=61fc7bc77c1dbd4b398eb8d971228ab29ea7588a
Note that avast! Web Shield will bark on this link; view with NoScript active in a sandboxed browser. For security researchers only!
Read: http://wordpress.org/support/topic/get-your-security-holes-fixed-damn-it (info credits to spencerp on WP support, many thanks)
The decoding of this: http://stackoverflow.com/questions/3391623/decode-some-injected-javascript

And Included Scripts: Suspect - please check list for unknown includes
Suspicious Script:
htxp://www.freebannerbank.com/javascripts/menu.js
e=eval(props.isclosable);if(props.isdragable)props.isdragable=eval(props.isdragable);if(props.isresizable)props.isre

We are being protected.

polonus