I was on Green Day Authority and avast! popped up on the following link;

hXXp://www.greendayauthority.com/download/mvideo.htm

Is it a FP?

12/04/2009 20:37:47 1239565067 SYSTEM 1512 Sign of “HTML:IFrame-BV [trj]” has been found in “hXXp://www.greendayauthority.com/download/mvideo.htm” file.

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?

Don’t think so, main page is fine; http://www.greendayauthority.com/

Just because the main page is fine doesn’t mean they all are and in this case that page has been hacked.

There is an iframe tag after the closing html tag a standards no, no and the url that it connects to is obfuscated, highly suspicious.

See image, I have broken the code down to make it easier to see as it is all on a single line.

Ah ok, I thought Tech meant they had been hacked recently so would have thought there would have been a note on the front page. Thank you.

You’re welcome, if you know them or regularly visit, you might want to drop them an email.

Yeah just did to the owner founder.

Hopefully it won;t take them long to resolve it, but they should check any content management software (like php) if they use any is up to date as old versions may be vulnerable to attack. They might also want to change their passwords for modification/uploads, etc.

Just wanted to post something else in here… The iFrame is still there, but I reinstalled Windows 7 lastnight on another partition and decided to try “ESET Smart Security - Home Edition” as I see so many people have it in their email sigs, tried the eicar test file, it picked it up, went to the page I reported in this thread, ESET did not pick it up. :-\

Thank god for avast! ;D ;D

Well it may not have even been looking for this type of infection, but avast’s web shield is all over it with a rash and I still haven’t found one incorrect detection in those that I have checked out in the forums.