Avast! missed this Malware site and sample

https://www.virustotal.com/en/file/a129a8263dd3a17c7328a6c0debf1b66f60cc48af6c42d680fbb7d1f1b667b0a/analysis/1445052961/
hxxp://gecivaldolavajao.com/site/index.php

File name: Boleto-Via_Facil-PRF99348.234.exe
Detection ratio: 28 / 56
Threat Name: HEUR:Trojan.Script.Generic

This is what comes in via that iFrame:

var UtilMessage={query:"d="+window.location.hostname,pageName:pageName,url:""};if(typeof UtilMessage.query==="undefined"){UtilMessage.query="";}else{UtilMessage.url=UtilMessage.pageName+"?"+UtilMessage.query;}document.getElementById("body").innerHTML='<iframe frameborder="0" width="100%" height="100%" src="-http://www.uolhost.com.br/avisos-plataforma/'+UtilMessage.url+'" />';

Confirmed malware: http://urlquery.net/report.php?id=1445092096969
But is it still up? AOS now flags this, we have detection and also BitdefenderTrafficLight blocks access to that website.

polonus
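
A static triage of the script quoted in the post above, added here as an example that is not part of the original thread: it reports where a script-written iframe points and how its URL is built, without loading anything. The function names and the matching heuristics are assumptions of this example.

```javascript
// Constructed sample: the one-line script quoted in the post, kept with the
// poster's "-http" defanging of the iframe URL. It is only parsed, never run.
const SAMPLE = `var UtilMessage={query:"d="+window.location.hostname,pageName:pageName,url:""};if(typeof UtilMessage.query==="undefined"){UtilMessage.query="";}else{UtilMessage.url=UtilMessage.pageName+"?"+UtilMessage.query;}document.getElementById("body").innerHTML='<iframe frameborder="0" width="100%" height="100%" src="-http://www.uolhost.com.br/avisos-plataforma/'+UtilMessage.url+'" />';`;

// Undo common defanging so the URL can be parsed (it is never fetched).
function refang(u) {
  return u.replace(/^-+/, "").replace(/^hxxp/i, "http").replace(/\[\.\]/g, ".");
}

// Find iframes that a script writes into the DOM through innerHTML and
// describe each one: target host, size, and whether runtime data is appended.
function findInjectedIframes(source, pageHost) {
  const findings = [];
  // String literal assigned to innerHTML that opens an <iframe ...> tag.
  const assign = /\.innerHTML\s*\+?=\s*(['"])\s*<iframe\b([\s\S]*?)\1/gi;
  let m;
  while ((m = assign.exec(source)) !== null) {
    const attrs = m[2];
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (!src) continue;
    let host = null;
    try {
      host = new URL(refang(src[1])).hostname;
    } catch (e) {
      // Relative or unparsable URL: leave host as null.
    }
    findings.push({
      host,
      crossHost: host !== null && host !== pageHost,
      // A 100% x 100% frame replaces everything the visitor sees.
      fullPage: /\bwidth\s*=\s*["']?100%/i.test(attrs) &&
                /\bheight\s*=\s*["']?100%/i.test(attrs),
      // The literal is followed by "+", so the URL is completed at run time.
      dynamicUrl: /^\s*\+/.test(source.slice(assign.lastIndex)),
      // Heuristic: the script reads the visited page's location somewhere.
      sendsPageHost: /\blocation\.(hostname|host|href)\b/.test(source),
    });
  }
  return findings;
}

console.log(findInjectedIframes(SAMPLE, "gecivaldolavajao.com"));
```

For the quoted script this reports a full-page iframe on www.uolhost.com.br whose URL is completed at run time with the visited site's hostname in the `d` parameter.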

AOS blocks this.

Again, I can’t see the purpose of this when only avast can do anything about it.

It should be reported directly to avast, rather than hope they might see it.

Hi DavidR,

You probably did not read the contents of this thread, as it says: “AOS now flags it”. I think you know AOS stands for “Avast Online Security”, the Avast extension in the browser. And this was reported to Avast, as all non-detections are directly reported. And the purpose of it could also be that it is a heads-up to all that may read such a posting not to venture out here, or to report it to AOS inside the browser or even to WOT for that matter. I think not reacting to postings and living in ignorant bliss, as we often experience here, is much, much worse. Same goes for CharleyO’s thread in the “generals”. Everyone, for instance, should know that it is better not to use Adobe Flash anymore; still, millions are unaware, while highest officials now agree we’d better stop using this “zero-hole-factory”.

polonus

It isn’t that (I did read it), it is just the futility of posting this; the most appropriate action is to report it directly to avast so they can determine the action to take.

Personally I don’t use AOS (on this system, but have it on my other for support purposes), as I don’t believe it brings that much over the Web Shield.

Now I personally think that AOS as a browser web rep tool and a guide where to click or not is rather incomplete in comparison to tools like Bitdefender Traffic Light and even DrWeb’s extension, the former URL checker, and even to WOT’s. I do not know why more users do not report from inside the browser, etc.

I am always very interested in the WOT user reports for a website’s reputation, and many that report there do so very respectfully and with quite some expertise. As long as these reports are fairly recent.

I am not so much interested in what Avast detects, that is why I choose the software to be my AV of choice, but more in where Avast fails. I do not complain about the fact that all non-detects should be reported to Avast right away, but users should also be made aware what comes up as we poke the weak sides of Avast and where it goes belly up. ;D

There is another side to this all: also non-Avast users, and I mean the website owners/admins with outdated software and misconfigurations and malware because of sheer negligence, should read these postings, or the users that visit such sites should be made aware to report to website admins and hosters alike about insecurities that were found. Whether that will help much stays questionable, but all little improvements of the present situation help. What I do here is

  1. Aim to improve Avast detection and
  2. Report for general educational purposes.

Those that are not interested in the info are not obliged to read here.

polonus