Do not view site source in your browser by going to a malicious page...

Hi forum friends,

When scanning for malicious pages the best method to use is that of old cold reconnaissance.
Get the facts without actually going there. So scan the url with an online URL scanner. VirusTotal, Sucri SteCheck, UrlVoid, UrlQuery, there is a whole plethora to choose from.
Some scanners to scan code should be used with care, so use the scanner sandboxed or in a virtual environment with script blockers active. An example here is jsunpack, or using a malcode browser like malzilla. Scanning a malcious site even via a webproxy can be dangerous (in the best scenario the avast Networkshield or Webshield is going to alert and block the connection or Google Safeweb or a web rep extensions will ask you to go back on your tracks). In that case watch your clicks or cut and paste the suspect URL into an online scanner. Or come here and ask some of us that do this on a daily basis - Pondus, Asyn, Dim@rik, etc.
If you are notified a site has bad code, to go to that particular site in your browser and THEN requesting to view the source, could lead to an infection of the PC you are on.
If that malcode is active, up and responsive your computer (especially if vulnerable to the used injected code) could have an infection of some sort and the chance is there your av will not detect it. (If malcode is there and you are vulnerable you have a near 100% hit, even another random injection entry will hit your comp, but mind you, you are playing Russian roulette, so don’t. Have a nice Christmas folks,

polonus

Also viewing malcode at for instance via a online source code tool like a code viewer is not without risk, for instance a malware laden website code scanned at http://www.iwebtool.com/code_viewer. Scanning code of a site with a trojan horse led to a avast webshield alert for Win32:Zbot-NTC[Trj] So do not use such a method, and certainly not outside a virtual environment. Afterwards always scan your browser for cached remnants in which path could be: Users\name\AppData\Local\Google\Chrome\User Data\Default\Cache\f_etc. just to give an example. Scan with avast and upon finding malcode remnants let avast put this into the chest.
This is presented as a safe source viewer online: http://www.find-ip-address.org/site-viewer.php
but also leads to a webshield alert for Win32:Zbot-NTC[Trj] for the same file…
Well when scanning the URL here: http://source.domania.net/cgi-bin/source.cgi there was WOT to save me from opening the URL based on their database… Wepawet analysis did not produced any avast shields reaction. This also did not attract a shield alert: http://www.rexswain.com/cgi-bin/httpview.cgi

Running an additional sandbox and blocking scripts is a must.
Remarkable was that a jsunpack scan with NotScripts active in GoogleChrome did not produce a webshield reaction. Jsunpack scan results should always be watched by the security savvy with script blocked in the browser and running in a virtual environment,

polonus