Does avast detect script-blogfa-js?

The malware is at: htxp//mythemes.ir/t33/script-blogfa.js

Nothing found here:
See: http://www.virustotal.com/url-scan/report.html?id=c519849105caf7b6da391526c04a3740-1298216531
Flagged here:
See malware details: http://sucuri.net/malware/entry/MW:IFRAME:HD28,
Javascript encoding used to hide a malicious iframe

For the script also: htxp://jsunpack.jeek.org/dec/go?report=baa5633ff787981a08c2aca676b72228e71d9b5a
(given as benign, see attached)

Look here: http://vscan.urlvoid.com/analysis/d7ac7863baf6d63ec18b39db8aaaf1ef/c2NyaXB0LWJsb2dmYS1qcw==/

polonus

Nope, only Avira detect

VirusTotal - script-blogfa.js - 1/43
http://www.virustotal.com/file-scan/report.html?id=a082c59b50022dad5fdd2a637bd03799444663d8240d67d79724e6a26655b584-1298225202

Also malware reported by Sucuri Scanner

Hi Pondus,

Check here: http://rexbd.net/validator/index.php?url=http
Look here: http://wepawet.iseclab.org/view.php?hash=c519849105caf7b6da391526c04a3740&t=1298226589&type=js (crypto)
It would be better if this heuristic script was found proactively by avast, because afterwards it has to be cleansed from the browser cache (or removed from user/app data) and one could be in need a flash desinfection routine. It is always a good habit for users to go and give their user file. e.g.: Computer: users : username etc. a thorough scan once in a while. I personally found up a couple of issues after a full scan, after using malzilla.
For that reason it is also a good procedure to clean up after a browser session,

polonus

I have submitted this script to avast via the chest, with a link included.

Pol, be sure to check the malzilla settings to clear cache on exit :wink:

Hi spgSCOTT,

Thanks for the tip, but the settings are set that way. First instance it had run it sandboxed and then you also have to empty the contents of the sandbox, thanks for submitting the script,

pol

Nice to see malwares from Iran! ;D

NORMAN analysis confirms it is malware

script-blogfa.js : Processed - JS/Agent.KA