Bitdefender TrafficLight blocks site as malicious!

See: https://www.virustotal.com/nl/url/452243bc52b187c366e1eaea34da56d1e64dd61f20f40e532b9d1c0849d62b6d/analysis/1386611926/
Infected with dynamic content flagged as C2/Generic-A.
No alerts here: http://urlquery.net/report.php?id=8280716
Issues flagged: Javascript check: Suspicious
? " htxps://" : " htxp://“); document.write(unescape(”%3cscript src=‘" + _bdhmprotocol + "hm.baidu.dot om/h.js%3fb16fdc1202a3f8b08192071409cee281’ type=‘text/javascript’%3e%3c/script…
404 error check: Suspicious 404 Page:
document.write(unescape(“%3cscript src='” + _bdhmprotocol + "hm.baidu dot com/h.js%3fb16fdc1202a3f8b08192071409cee281’ type=

Malcode on IP: http://support.clean-mx.de/clean-mx/viruses.php?review=122.112.2.14&sort=id%20DESC
two instances of this malware been closed!

Re: http://www.snort.org/search/sid/17528 → ( nginx/0.6.35 vulnerable?)

Attack scenario went roughly through these stages (not all given-pol) → htxp://log.nrparking.com/baiduunion/css/client.css" via “htxp://cpro.baidustatic.com/cpro/ui/dp.js” search content container col16" class = a content-container - landing somewhere in: hm.baidu dot com/h.js%3Fb16fdc1202a3f8b08192071409cee281’ type=‘text/javascript’%3E%3C/script%3E") leading to compromittal!

pol

Hi folks,

Knew I had been here before, the déjà vu is here: http://forum.avast.com/index.php?topic=139194.0
So probably once again a false positive?

polonus