system
1
Is this a false positive?
It is a well-known Dutch opinion site.
Infection Details
URL: http://xxx.joop.nl/fileadmin/template/inc/js/redirMobile-min.js|>{gzip}
Process: file://C:\Program Files\Mozilla Firefox\firefox.exe
Infection: html:Iframe-inf
xxx stands for www
Pondus
2
Sucuri says infected…
See attached screenshot
malware type
http://sucuri.net/malware/malware-entry-mwiframehd421
Pondus
3
Hi Klauwkikker & Pondus,
Scanned the IPframe redirect here: http://wepawet.iseclab.org/view.php?hash=52ee1c0c20d38b7edb071123b878a5aa&t=1311793379&type=js (malicious)
Exploit being abused is HPC URL Help Center URL Validation Vulnerability - CVE-2010-1885;
see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885
Also see attached source code for the URL you provided,
polonus
Pondus
5
Is this a false positive?
It is a well-known Dutch opinion site.
Norman analysis confirms the detection is correct
redirMobile-min.js : Processed - HTML/Iframe.KY