False Positive

Hi,

Some folks at my job are getting alerts with Avast when visiting morethanthecurve.com. However, other AV products and online scanners are reporting it as clean. Can someone please look into this? If it's an FP, can I be notified when it's been rectified?

I've blocked the site at my job for the time being.

Thanks!

Sucuri say infected, see attached screenshot (click to enlarge)

sucuri malware info: Malware entry: MW:IFRAME:HD202
http://sucuri.net/malware/malware-entry-mwiframehd202

VirusTotal - HTMLscan
http://www.virustotal.com/file-scan/report.html?id=5fcc22832c6fe8e2c451bb9c545ef93e1c9108ca36dcfe593c292699db4e32e7-1313680927

Interesting. I checked with AVG and it was clean, along with some online scanners. Will keep an eye on this thread. Thank you very much for your response!

well, no AV is as good as avast when it comes to detecting infected websites, that is an avast! speciality :wink: and they are usually correct

Agreed. :wink:

hmmm, only Avast and Fortinet flag it on VirusTotal

I know. Interesting.

Hi folks,

iFrame check results:

Check took 47.23 seconds

(Level: 0) Url checked:
-http://morethanthecurve.com
Zeroiframes detected on this site: 1
No ad codes identified

(Level: 1) Url checked: (iframe source)
-http://www.karmacheckeronline.com/imeuyqkwkudm.php
avast Webshield blocks as JS:ScriptPE-inf[Trj]
Blank page / could not connect (because redirects to drive-by-download site)
No ad codes identified
This is the infectious iFrame, see:
http://www.urlvoid.com/scan/karmacheckeronline.com
This redirects/redirected to a Zeus dropzone 109.196.143.71
(do not know if this is still active and up?)

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-includes/js/jquery/jquery.js?ver=1.4.2
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-includes/js/swfobject.js?ver=2.2
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.0.1
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/dropdown-menu-widget/scripts/hoverintent.js?ver=3.0.1
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://ajax.cdnjs.com/ajax/plugins/jquery.social-sidebar/5.4/jquery.social-sidebar.min.js?ver=3.0.1
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-includes/js/tw-sack.js?ver=1.6.1
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/wp-email/email-js-packed.js?ver=2.40
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://static.ak.facebook.com/js/api_lib/v0.4/featureloader.js.php/en_us
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20100407
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (iframe source)
http://morethanthecurve.com/wp-includes/js/thickbox/+urlnoquery[0]+
Blank page / could not connect
No ad codes identified

(Level: 2) Url checked: (iframe source)
-http://morethanthecurve.com/wp-includes/js/thickbox/+urlnoquery[0]+
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (iframe source)
-http://morethanthecurve.com/wp-content/plugins/contact-form-7/+
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.6
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/shadowbox-js/shadowbox/shadowbox.js?ver=3.0
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
-http://morethanthecurve.com/wp-content/plugins/shadowbox-js/shadowbox/+file+
Blank page / could not connect
No ad codes identified

polonus
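
As an added illustration (not part of any post in this thread, and not the checker used for the report above), here is a static check for the kind of invisible, off-site iframe that report lists. The sample HTML and host names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline CSS that makes an element invisible or at most 1px in size.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

def is_tiny(value):  # width/height attribute of 0 or 1, optionally "px"
    v = (value or "").strip().lower().replace("px", "")
    return v.isdigit() and int(v) <= 1

def same_site(host, page_host):
    base = page_host[4:] if page_host.startswith("www.") else page_host
    return host == base or host.endswith("." + base)

class IframeAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname or ""
        self.findings = []  # (absolute src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname or ""
        reasons = []
        if is_tiny(a.get("width")) or is_tiny(a.get("height")):
            reasons.append("zero-size attribute")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        # Report only invisible frames that load from another site.
        if reasons and host and not same_site(host, self.page_host):
            self.findings.append((src, reasons))

def find_hidden_iframes(html, page_url):
    audit = IframeAudit(page_url)
    audit.feed(html)
    return audit.findings

# Constructed sample page (placeholder hosts, not taken from the thread).
SAMPLE_HTML = """<iframe src="http://cdn.example.net/x.php" width="0" height="0"></iframe>
<iframe src="/wp-content/embed.html" width="0" height="0"></iframe>
<iframe src="http://video.example.org/player" width="560" height="315"></iframe>
<iframe src="http://ads.example.net/a.php" style="visibility:hidden"></iframe>"""
print(find_hidden_iframes(SAMPLE_HTML, "http://www.blog.example/"))
```

A static pass like this only sees iframes present in the served markup; frames written into the page by script at load time need the rendered DOM to be inspected instead.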

So survey says it's infected?

Le bump.

Sorry, most of those results are gibberish to me. So is this indeed an infection?

Yes, as long as the website has not been cleansed,

polonus

Many thanks!!!

there is a redirect to hxxp://wxw.karmacheckeronline.com/ but that link looks dead

Thanks, yeah, it's weird. URLVoid says the site is clean but others say it's infected. Wish I knew who was right/wrong here.

3 hidden external links are being found according to Unmasked Parasites, see attached gif.
The WordPress version used at the site should be updated so that the site software is no longer vulnerable. So you should contact the webmaster there and mention this very thread.
The links may not redirect to malware that is active or up at the moment; still, the site is flagged because of being compromised,

polonus

Thank you very much. Appreciate all the help. I will once again let the webmaster know.

Cheers.