the site looks legit, but avast constantly blocks them with this:
avast! [PC7]: File “http://www.stoncolighting.com/” is infected by “HTML:Script-inf” virus.
“Resident protection (Web Shield)” task used Version of current VPS file is 100517-0, 05/17/2010
should i globally whitelist the url in our server, or is this really a false positive?
avast isn’t alone in this, as in trying to connect to check it out, firefox’s safe browsing alert pops up saying this is an attack site. This is the same for both sites.
So it looks like this site might well have been hacked.
What is the current listing status for stonco.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-05-15, and the last time suspicious content was found on this site was on 2010-05-15.
Malicious software includes 2 scripting exploit(s), 2 worm(s). Successful infection resulted in an average of 8 new process(es) on the target machine.
Malicious software is hosted on 4 domain(s), including kh76t.3322.org/, love2012.info/, caipiaoyuce.info/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including tlinee.com.cn/.
This site was hosted on 1 network(s) including AS7018 (ATT).
What is the current listing status for stoncolighting.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 10 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-05-16, and the last time suspicious content was found on this site was on 2010-05-16.
Malicious software includes 4 scripting exploit(s), 2 worm(s). Successful infection resulted in an average of 5 new process(es) on the target machine.
Malicious software is hosted on 5 domain(s), including bioeye.3322.org/, kh76t.3322.org/, love2012.info/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including tlinee.com.cn/.
This site was hosted on 1 network(s) including AS7018 (ATT).
i get 300 of these per day from various users who have a legitimate need to go to that site… from their resident protection, with today’s updated pattern file:
avast! [PC7]: File “http://www.stoncolighting.com/” is infected by “HTML:Script-inf” virus.
“Resident protection (Web Shield)” task used Version of current VPS file is 100517-0, 05/17/2010
they come to me by email, as defined in our server settings
Whilst avast no longer alerts, google safe browsing will take longer to remove this from its lists and as a consequence firefox, which also uses this list, will continue to block based on the listing. So they are going to have to contact google to have the listing revoked/reviewed.
yeah I went beyond the Google alerts in Chrome to check Avast behavior (both Chrome and Mozilla are using the same Google malware blocking tool, it’s the same database) … No blocking from Google in Firefox though ??? and again Avast sends nothing.
edit: this said I’m a bit surprised because the two sites belong to the “Philips” group…they may have been hacked, but they’re in no case malware “providers” ;D …or the sites are fake which I doubt.
I edited my last post >>> Google alerts strangely just in Chrome and not in Firefox. Thought that was referring to the exact same Google database in both browsers.
still waiting on the users’ screenshots - i wasn’t able to reproduce it on another avast machine, so it’s got to be a specific link they’re going to (?)
i did send a nice little email over to their tech department and their VP of marketing, maybe they’ll be motivated to check it out themselves
i’ve seen this in the past with shared hosting - some real malware sites on the same server as a legitimate site