avast! Webshield detects JS:iFrame-CRC[Trj]

Viruses and worms
1

See: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.blendent.ee
detected as JS:iFrame-CRC[Trj] by the avast! Web Shield, while a lot of scanners miss this javascript detection in
hxtp://www.blendent.ee/templates/siteground-j16-2/js/conf.js
SHA1: 45c2d2a9597fb38486675ee6498935522203e4f3

polonus

2

Also blacklisted by Scumware.org: https://www.virustotal.com/en/url/4b72cd4e23df1f8503640f644b67515c71cb7ef7a5fe7ec4dedb6042a30b036a/analysis/1380385274/
Virustotal Scan of the file: https://www.virustotal.com/en/file/8932e44e2c460f38dd5de2376cc63c128bf5dffd00e0f80ac928cce30dcff0c4/analysis/1380385276/
Blocked by TrendMicro:http://global.sitesafety.trendmicro.com/result.php

Clean by Quettra: http://www.quttera.com/detailed_report/www.blendent.ee
URLQuery: http://urlquery.net/report.php?id=6062219
Zulu: http://zulu.zscaler.com/submission/show/b30946803742bb25f59fd118ff5b81f8-1380385641
Safe by AVG.

3

Well in the mean time detection level has been raised, on htxp://www.blendent.ee/templates/siteground-j16-2/js/conf.js
See: https://www.virustotal.com/en/file/8932e44e2c460f38dd5de2376cc63c128bf5dffd00e0f80ac928cce30dcff0c4/analysis/1380387365/
Likewise virus found here: http://support.clean-mx.de/clean-mx/viruses?virusname=Trojan.JS.QVC
Some avast does not detect: https://www.virustotal.com/en/file/cf1437e32da95c5673135ded73bed9e1eb2b7ee09849bd215f1c4c2ea032183f/analysis/
and here: https://www.virustotal.com/en/file/d0f1bcd1e9a0eb6be0351bf7498194f626d895487a30d854f6558fd186e5b466/analysis/
while still up and alive…re: http://jsunpack.jeek.org/?report=344a30ce9dbd6abf877c18e33ec54aa7d6c5b7da (for security researchers only visit with NoScript active and in a VM) → missed here: http://urlquery.net/report.php?id=6083610 and given as suspicious here: http://zulu.zscaler.com/submission/show/94d7d84145c4981e8237eec8cee9d48f-1380490190
282 potential;y suspicious files flagged here: http://www.quttera.com/detailed_report/ukanen72.land.ru
insecurity: Detected potentially suspicious initialization of function pointer to JavaScript method document.write

polonus