Hi…I’m trying to view viewmy.tv for the first time and while investigating the website before jumping into it, when I clicked on a category at the top of their website called “blog”, my Avast! sounded an alert informing me a virus had been detected but gave me the option to abort connection, and I did. I chose to try another page called “next blog”, and it was all right.
I contacted the website and asked if they indeed had a virus on that page or if perhaps my Avast! was picking up something it shouldn’t.
In the meantime, do you know if I should worry about this? Could it be a mistake by Avast? I will not enter that page until I discover the answer.
ADDENDUM TO MY POST…I just received a response from viewmy.tv and was informed that he has now removed the Iframes from the first page of “blogs” … that there was no virus, and that he has informed Avast! He asked me to check it out, again…I did and this time all is well.
Please forgive me for using up space here that - as it turns out - was not necessary. Yet, perhaps what has happened to me might be of “some” benefit to others…by contacting the website involved and hoping to receive a reply (as long as the reply can be trusted, I guess).
There are many sites being hacked by inserting iFrame tags that point to malicious sites, and avast has been very hot on this method of attack, as can be seen in these forums. There have been very, very few that turn out to be no virus.
The problem isn’t solved, as that page link you gave still alerts and there is a hidden iframe tag after the closing /html tag, a standards no-no, so it is highly suspicious that it may have been hacked, considering, as you say, they removed the iframes (it’s back, see image).
The URL it is pointing at appears to be trying to look like Google, but it isn’t: goooogleadsence.biz, and a Google search indicates it in other hidden iframe attacks. So the site is most certainly hacked.
Thank you for responding to my post. I went back to the website, but my Avast did not sound an alert when I linked to the “blog” links. When I linked to the blog that said “Next Blog”, I see that the web page does NOT belong there, but quite frankly, I don’t recall seeing that page, so perhaps I only linked to the “SEARCH THIS BLOG” link instead during my first visit!
This was what happened the first time…
I went to “viewmy.tv”, and directly underneath its logo (top left corner of page) are the following website links: LOGIN…REGISTER…ABOUT US…FORUMS…BLOG (and it was this “BLOG” that set off the Avast alarm). So, that particular “BLOG” link was fixed, according to my email from “viewmy.tv”, and the response was as follows: “There is no virus, the alert happens cause of an iframe that gets a list of scrolling sites from www.brandstation.tv. I have removed those iframes now from the first page of the blogs, has the alert gone now? I have also contacted avast, thanks.”
Are you saying that the first page “BLOG” link is still not correct? OR…are you referring to the 2nd page “Next Blog” that definitely takes you out of their website (which, of course, should not be there)?
No, that isn’t why; avast isn’t trying to connect to that URL, it is detecting the hidden iframe in that URL below.
The detection isn’t found, as the alert is on the hXXp://www.brandstation.tv/widgets/bslister/ (edit: it is still alerting on this URL), so the fact the target page of the iframe can’t be found is irrelevant. It was never mentioned in the alert and is only mentioned here because I found it in the hidden iframe tag and posted the image.
I typed the URL in the address, but perhaps you wanted me to paste it instead?
Plus…I did nothing else to my system…I still have NoScript running as I did previously, but I changed nothing.
TO polonus…I really don’t know what you said (sorry!!).
I would suggest you copy and paste, but what you might not have noticed was the subtle change in the URL: the HTTP is changed to HXXP. This is done to avoid the link being active (avoids accidental exposure), and you would have to change the XX back to tt.
NoScript would make no difference to avast actually detecting this; what it would do, if you had iframes disabled in NoScript (not a default setting), is stop the iframe executing.
It was brought to our attention today by Shalimar (thank you) that the Avast application was alerting users of a potential virus on our blog site.
Well, there was NO VIRUS, the Avast application was causing the alert due to an iframe that displayed information from another domain. (e.g. from one of our other domains)… that is exactly what iframes are allowed to do!
Reference: http://en.wikipedia.org/wiki/IFrame
However, because some of our users may be using Avast, we have now removed the blog posts where the iframe code was being used.
We have also contacted Avast to suggest that “just because a webpage uses an iframe with contents from another domain, it doesn’t mean there is a virus on that site”!!
Yes we are well aware that there can be cross domain scripting issues but that was not the case! We do take all potential virus threats very seriously.
Well, what about the fact that the iframe is a) hidden, b) outside the closing html tag (often the case in iframe injection) and c) the domain referenced in the iframe tag is the subject of many hidden iframe injection reports?
I don’t know where exactly you were looking, but it is on the default/index page of this URL, hXXp://www.brandstation.tv/widgets/bslister/, which doesn’t appear to be on the viewmyblog domain that you mention.
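The three signs listed in the post above (a hidden frame, placement after the closing html tag, a frame source on another domain) can be checked mechanically by a site owner auditing their own pages. This is an added example, not part of the thread and not how Avast detects anything; the hostnames and sample markup are constructed, and the names `IframeAudit`, `audit` and `flagged` are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"\s*[01](px)?\s*", re.I)   # width/height of 0 or 1 pixel

class IframeAudit(HTMLParser):
    """Record each <iframe> with the three warning signs from the post above."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.html_closed = False          # becomes True once </html> is seen
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        tiny = any(TINY.fullmatch(a.get(d, "")) for d in ("width", "height"))
        self.findings.append({
            "src": a.get("src", ""),
            "hidden": tiny or bool(HIDDEN_STYLE.search(a.get("style", ""))),
            "after_html_close": self.html_closed,
            # exact host comparison; a relative src counts as same-site
            "cross_domain": bool(host) and host != self.page_host,
        })

def audit(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

def flagged(html, page_host):
    """Sources of frames that are hidden and show at least one other sign."""
    return [f["src"] for f in audit(html, page_host)
            if f["hidden"] and (f["after_html_close"] or f["cross_domain"])]

# Constructed sample: one ordinary widget frame, one frame appended after </html>.
SAMPLE = """<html><body>
<iframe src="/widgets/list.html" width="300" height="200"></iframe>
</body></html>
<iframe src="http://stats.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "blog.example.com"):
        print(finding)
```

A visible cross-domain frame on its own is not flagged, which matches the site owner's point that iframes may legitimately load content from another domain.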
TO: DAVIDR
Thank you so much for all your assistance…I really do appreciate it!!! (Persistence really can pay off!)
I think it was great that Peter of viewmy.tv jumped right in and participated, too, in order to help resolve the problem.
TO: Polonus
Happy? Hmmm…happy as a honey bee in a field of wildflowers! Thanks!
It is a breath of fresh air when someone from the company takes a direct interest (some would just deny the problem exists) as this does make it easier to resolve than going through a third party.
First link: there are a couple of hidden iframe tags after the closing html tag, a standards no-no, one to google-stat.com, which somehow I don’t think is Google and legit. See images; I have broken up the code to make it easier to see in the image, as it is all on one line.