avast! web shield has blocked a threat

Avast Free Antivirus / Premium Security
1

Hi,

I can’t access to ( Princess Juliana International Airport ) website …

http://www.pjiae.com/

avast give me this warning :

Infection : HTML:Iframe-inf
Action : Connection aborted

2

Try to see the result of WOT:
http://www.mywot.com/en/scorecard/www.pjiae.com

3

The iframe is pointing to hxxp://auto-stats.info/eng/in.cgi?2 ; a domain that was created just a week ago.

It looks like the domain is already unreachable. Maybe the company hosting auto-stats.info has already pulled the plug on whatever was lurking behind that link.

Since the iframe tag has dimensions of width=0 height=0 border=0 , my guess is that there was a malicious PDF hiding in there

4

Yup proving that WOT is still not that useful also ~_^

5

WOT isn’t an antivirus which checks in real time for infection, so its purpose/use is completely different.

The site does appear to have been hacked and avast isn’t alone in detecting this, though there are very few AVs looking for this type of infection much less detect it, see VT Results.
http://www.virustotal.com/analisis/fb4c3e8c03313745e3371ee3d16544943e6ee833c2fa6d36c86f20b66bafff97-1268498022

The inserted hidden iframe after the opening Body tag is the culprit and avast also blocks access to that site as it is considered malicious, see image.

6

Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast’s engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here.

7

Thank you all !

8

You’re welcome.

I think that there are others that detect this, but in this instance the actual inserted iframe looks innocuous with just a single line but I believe avast comes into its own by not only having the web shield but also the network shields malicious sites list.

I don’t know if in the case of iframe tags like this the web shield also checks the link against the malicious sites list. Suffice to say the web shield has a very good detection and accuracy rate on this type of thing.