Does Avast dislike iframes?

Free Version 8.0.1497 Definition File 130919-4 on Windows XP Pro SP3

I have a site with a link to a date and time website.

Sometimes Avast reports the iframe element as a problem and blocks the page, other times not - it seems to vary as definition files are released and update…as far as I am aware, the website poses no threat or risk.

Would anyone have any comments or advice, please?

Thank you.

what is the website URL ?

can you attach a screenshot of avast warning ?

The feed comes from http://www.timeanddate.com/

Sorry, I can’t provide the message, I’ve sinced cleaned up my machine and after I re-started, the history had gone.

The latest Virus Definition File 130918-4, so I can only assume a typo in your post.
Well iframes aren’t the issue, rather the content of the iframe. Frequently iframes are used to access 3rd party sites and can either import data or run scripts.

Having visited that link using firefox 24.0 I don’t get any alert, which is why there was a suggestion to post a screenshot of the alert.

Not sure what you cleaned up on your system, the alert info should still be in the web shield log info.

the only thing i find is this…

urlQuery report: http://urlquery.net/report.php?id=5535891
scroll down to Recent reports on same IP/ASN/Domain there you find some URL that have detection from Suricata filter

like this one http://urlquery.net/report.php?id=5535425 see Suricata detection under Intrusion Detection Systems

Sorry on 2 counts - I mis-typed the definition number and found the web log (attached)

This morning (before the last definition update) it reported a problem, but now when I try it, it seems ok?

To me (your attached image) that is an indication of an infection, probably a hacked site.

The favicon.ico file is the little image that is placed to the left of address area in your browser window. Since these are images, it is highly suspect for it to contain an iframe in that file.

So somewhere there was a redirection from the timeanddate.com to the christabelli.com/favicon.ico file and that is what avast is complaining about suspect iframe inside a favicon.ico file.

I can’t find any reference/redirect to christabelli.com on the timeanddate.com, perhaps it has been removed by the sites webmaster, etc.

David
Thank you for the time and trouble you took to investugate - I’ll just keep my eye on things and see if I have any future warnings…

You’re welcome, hopefully the issue has been resolved at the primary site.

(current definition file 130919-1)
Just now I had this warning…2 screenshots attached…it’s my friend’s company website…I’m not sure what this new warning means…

Second shot…

seems avast detected a exploit in the .php file

scan your friends website here. http://sitecheck.sucuri.net/scanner/
post link to scan result in next reply

That check shows the attached…

easier with the link. :wink:

sucuri report. http://sitecheck.sucuri.net/results/hitechsteels.com

sucuri info. http://labs.sucuri.net/db/malware/php-error-headers-already-sent

Ok, I’ll remember that next time :slight_smile:
But what is the problem? Is it a site problem that they need to be aware of, or something I can do/change on my machine?

the problem is on the website… give the info (link to this topic) to your friend or the one that manage his website

or he can use Sucuri … but they are not free. http://sucuri.net/signup

Hello,
this alert means, that you was redirected by hidden iframe to one stage of Blackhole Exploit kit.
In this stage, javascript check your browser for vulnerabilities.

If you open “Avast → Security → Web Shield → shield log” and move mouse over URL column, you will see whole address instead of hxxp://…/ and we can determine which files to look for.

It was the Script Shield that captured it - copy attached - but the site I was visiting when it happened was http://www.hitechsteels.com/

Thank you, i made a little check and site hitechsteels.com have vulnerabilities.
Admin should update word-press plugins and most of all the nextgen gallery plugin.
Site might be allready infected so restoring it from backup and update could be a way to get rid of it.

already posted here. http://forum.avast.com/index.php?topic=135196.msg990214#msg990214