Hi

When going to this website : hxttp://blog.karentran.com/?tag=rhinestone-sea-shells we get this series of error alerts

http://member.agha.com.au/images/avast.jpg

and relevant messages in ADNM console as well.

All browsing is initially filtered by a message labs proxy, and when asking them why they aren’t blocking this, they are adamant there is nothing wrong with that website. Can anyone help advise whats going on here?

Thanks

Hi DavidW, welcome to the forum

avast! is right, there is an iframe that loads malicious content (as observed by the first alert in your image) avoiding the scanning by using port 8080, which doesn’t work. The reason it was hacked? The version of Wordpress used is out of date and leaves the site vulnerable to attack.

This kind of detection is very common these days, with many ‘legitimate sites’ becoming hacked to distribute malware:

Every 3.6 seconds a website is infected

The info can be seen here:
http://www.UnmaskParasites.com/security-report/?page=blog.karentran.com/%3Ftag%3Drhinestone-sea-shells

Oddly though, I cannot understand why you get the standard shield alerting and then the webshield, it should be the other way around, and the webshield should stop the rest getting through as well.

-Scott-

Thanks