Just look at the attached image, things there that should not be there and therefore are being detected,
a hidden iFrame to htxp://jjibuswjoxk.com/ld/gnh11 might be at the crux why it has been flagged,
Re: http://support.clean-mx.de/clean-mx/viruses?id=607901
Report 2010-07-03 00:57:33 (GMT 1)
Website bibliotecapleyades.net
Domain Hash faf02b719de58c49619a77851467ddf1
IP Address 62.149.128.163 [SCAN]
IP Hostname mxd2.aruba.it
IP Country IT (Italy)
AS Number 31034
AS Name ARUBA-ASN Aruba S.p.A. - Network
Detections 0 / 17 (0 %)
Status CLEAN
All scanners give it clean, they are somehow mistaken, because there is an hidden iFramelink to a malware domain there as I demonstrated, whether it is a live link or not, it should not be there. The malware domain is not available at this moment or has been removed by authorities, but that does not mean that the site has not been hacked or been infested before!
The site has become malscript injected at some time, so not clean and is still vulnerable at the moment, again the avast shields worked perfectly well,
Maccalusso should thank avast for the detection,
Thanks for all the responses. I would tend to agree with polonus that there is still some sort of threat embedded into the site, perhaps due to the nature of the information posted there.
And yes, I am thankful that Avast works as advertised. I’ve only used the program for a few weeks since my BitDefender subscription expired but I’ve found it quite impressive, especially being that it’s free. Cheers
Good for your users as reported by Pondus that the threat code does not have any payload anymore now because the site the code re-directed to was apparently taken down, but your website programs should be upgraded and patched so the injectors do not play the same trick with an hidden iFrame injection against your site once more. For what measures to take to cleanse and protect from hidden iFrame injections, read here: http://www.diovo.com/2009/03/hidden-iframe-injection-attacks/