Avast does not detect MSIL/Injector.BTP trojan?

See: https://www.virustotal.com/en/url/2abcaea628e859385938a20773d771136f6609b08d7c1e73880ca5400e7ce379/analysis/1378456661/
and
https://www.virustotal.com/en/file/edef7c185d79910884b280b87fd23ef01929425b0313e67f18baefaa245af9da/analysis/1370588959/
Quttera flags: http://quttera.com/detailed_report/www.hugs.zz.mu
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://error.hostinger.eu/403.php. Known PHISH: https://www.virustotal.com/en/url/d62fdc2599de151b0061a9949d4f2f20e176f628685d6c2187073354bae76339/analysis/
File size[byte]: 4294967295
File type: Unknown
MD5: 00000000000000000000000000000000
&
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details: → http://www.mywot.com/en/scorecard/hostinger.com?utm_source=addon&utm_content=popup-donuts & http://www.phishtank.com/phish_detail.php?phish_id=2003379&frame=details

polonus

Report:
http://zulu.zscaler.com/submission/show/ccb6326b32e07287251cf65294d2c5e0-1378459527

As you mentioned, it now redirects to some parked site called: hostinger.com/?

But wait… I confirm hostinger.com is bad:
http://urlquery.net/report.php?id=4991643
http://zulu.zscaler.com/submission/show/4b81b28c4344da30262b3637b041ebf3-1378459585

Suricata /w Emerging Threats Pro: ET RBN Known Russian Business Network IP (204)
ASN 47583 (II Hosting Media) has risk 80.0

Avast! should detect this as JS:ScriptXE-inf[trj]

Reported to virus AT avast DOT com

First submission 2012-11-21 09:54:35 UTC ( 9 months, 2 weeks ago )
https://www.virustotal.com/en/file/edef7c185d79910884b280b87fd23ef01929425b0313e67f18baefaa245af9da/analysis/1370588959/

The URL hugs.zz.mu/upload/crytped.exe redirects to this hostinger.com/? You can see it in the Quttera link under suspicious.
Click the picture in the top right corner here http://urlquery.net/report.php?id=4991763 and you will see the new URL.

Unmaskparasites http://www.UnmaskParasites.com/security-report/?page=hugs.zz.mu/upload/crytped.exe
one exploit reported http://www.google.com/safebrowsing/diagnostic?site=hugs.zz.mu/upload/crytped.exe

Good find Pol and Pondus.

Moreover, the server hosts more baddies:
http://urlquery.net/report.php?id=4988195
http://urlquery.net/report.php?id=4928419

From urlquery, also notice the domain on the same IP:
http://urlquery.net/report.php?id=4595682
http://urlquery.net/report.php?id=4579153

There should be a static detection in place for these baddies.

See: https://www.virustotal.com/nl/url/d62fdc2599de151b0061a9949d4f2f20e176f628685d6c2187073354bae76339/analysis/
Mail to code detected:

 href="mailto: 

polonus

Hi true indian.

The urlquery examples you provided in your posting above are being blocked by avast! Web Shield as infested with JS:Iframe-DJS[Trj] and JS:iFrame-CSU[Trj].
For the latter malware see: http://pastebin.com/7KZeW9jB

polonus

VirusTotal
https://www.virustotal.com/en/file/8c9194910a6d9752d3cad371e0bd706828204a0ffc34b0eab226745c34984c9c/analysis/1378463839/

First submission 2013-09-06 10:37:19 UTC ( 1 minute ago )