Detected by Avast - WSHshell.Run VNS defacement on website - VBS:Agent-KZ [Trj]

Avast detects as VBS:Agent-KZ [Trj] → http://killmalware.com/freeargyle.com/#
index.html
Severity: Malicious
Reason: Detected malicious drive-by-download attack
Details: Malicious obfuscated JavaScript threat
Offset: 10745
Threat dump: View code see: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Ffreeargyle.com&useragent=Fetch+useragent&accept_encoding= script
Threat dump MD5: 4667FB094040103F5F964564346C0007
File size[byte]: 227712
File type: HTML
Page/File MD5: A9AE7566ED4213984FA02C1BC9DA73AB

Yandex has detected malware on this site that may harm your computer or gain access to your personal information.
Re: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=freeargyle.com

A similar attack is analyzed here: http://izumino.jp/Security/analyze/23601646.html
Scan duration[sec]: 0.043000

pol

Update - still detected - Avast detects: VBS:Agent-KZ [Trj]
Further result there: Results from scanning URL: -http://code.jquery.com/jquery.min.js
Number of sources found: 43
Number of sinks found: 19

polonus

Update - another one (abuse at GoDaddy) and again flagged by Avast and Google Safebrowsing blocked: http://killmalware.com/ssitechserve.com/#
See: http://toolbar.netcraft.com/site_report?url=http://23.229.190.160
See analysis here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fssitechserve.com%2F&useragent=Fetch+useragent&accept_encoding=

Referenced content (i.e. css, rss)
link type rel
-http://www.iraqeyes.com/vb/images/icons/arabi25[1].gif image/x-icon icon
-https://fonts.googleapis.com/css?family=Iceland text/css stylesheet

Embedded content, images
-http://www.mofa.gov.iq/img/landing/about-iraq/flag.jpeg

Malware is in the scripts on the fetch page… do not visit.

Mail Servers Have A Records
FAIL: I’ve found mail servers without A records:
– -mail.ssitechserve.com. → ?
To reach your mail servers via IPv4 an A record is needed for each mail server.

WARNING: Found CNAMEs in MX records, invalid MX records:
-mail.ssitechserve.com.
RFC 2181, section 10.3 says that a host name must map directly to one or more address records (A or AAAA) and must not point to any CNAME records. RFC 1034, section 3.6.2 says that if a name appears on the right-hand side of an RR (Resource Record), it should not appear as the left-hand name of a CNAME RR; thus CNAME records should not be used with NS and MX records. Despite these restrictions, there are many working configurations using CNAME with NS and MX records.

polonus