Again the avast! Webshield - never go without it, guys and gals!

detected here: -http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2F1lira.blogspot.fr%2F2008_05_01_archive.html+&useragentheader=&acceptheader=
as JS:Autolike-E[Trj] equals Trojans detected:
Object: htxp://1lira.blogspot.fr/2008_05_01_archive.html
SHA1: 60baa42d5272e0bd141bee3848bb2047b94b982c
Name: TrojWare.JS.Faceliker.B

pol

Missed by many scanners, but avast! Webshield detects as JS;Clickjack-B[Trj]
Trojans detected:
Object: htxp://catasti.it/
SHA1: 76296b6af82b7ee5edd7c9bc2b5bc39cbc23c8be
Name: TrojWare.JS.Agent.caa

Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
t=‘’;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.‘+x[2]+’{‘+x[1]+’}</‘+x[0]+’>');}dnnViewState();

ISSUE DETECTED DEFINITION INFECTED URL
SEO Spam MW:SPAM:SEO htxp://catasti.it
SEO Spam MW:SPAM:SEO htxp://catasti.it/index.php/contattaci

Shalla Secure Services does not have it. Missed at: http://killmalware.com/catasti.it/

These 3 have: https://www.virustotal.com/nl/url/8886175355d88c6a84ce922ba6567ce2dbc1080f5499e203f0bec4e38b0b6719/analysis/1411478597/

Javascript check: Suspicious

nguage=“javascript”> function dnnviewstate() { var a=0,m,v,t,z,x=new array(‘9091968376’,‘8887918192818786347374918784939277359287883421333333338896’,‘778787’,'94999

Web application details:
Application: Joomla! - Open Source Content Management - http://www.joomla.org
Running Plesk 10.3: catasti.it:8443

Web application version:
Joomla Version 2.5.7 for: htxp://catasti.it/media/media/js/mediamanager.js
Joomla Version 2.5.8 for: htxp://catasti.it/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Plesk version 10.3 outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.20 or 3.3
Outdated Plesk Found: Plesk 10.3

pol

There is another one on that site that avast! Webshield detects as JS:HideMe-I[Trj].
See attached image. (set out in blue, folks!)

pol

P.S. This is a cloaking Black Hat SEO Technique - wordpress hack. read: http://stackoverflow.com/questions/15237789/how-to-reverse-engineer-a-hidden-js-script (link maybe detected as above Trojan by the webshield). Else read here: script in header: http://forum.bytesforall.com/showthread.php?t=19168

D