Avast has been blocking this on all sorts of websites for me (Amazon & Youtube most notably).
Is it just a false block/bug etc, or is it more sinister?
Welcome to the forums Mr Smells,
Could you please post a sample of the alert message? You may take a screenshot or copy the details in avast logs.
Given the URL in the title I would say that this particular case is correct as it looks like something trying to masquerade as google analytics.com when it is in fact eliysgtkaj.info (a really iffy domain name if I ever saw one). No record found for this domain name on a whois search.
Yeah, I had a feeling it was something like that.
@the guy above, I’ll attempt to recreate the circumstances.
Edit:
Alright, this is wierd.
I’d recreated the screenshot off Isohunt.com.
I went to tinypic to upload, this is what I got:
Hello,
this is not a false positive → its probably the most intensive attack through ad-sites ever made. I’m currently working on blog post on this topic. The good news for you (if you are using avast! with current vps update) is that you are protected.
Best Regards
Jirka Sejtko
It constantly is blocking it, on almost all the sites I use right now.
These include:
Google.com ← facepalm
And others…
As long as it’s currently blocking them, can I assume it’s alright to go about my usual internet things?
Hello,
I’m sorry about the longer response. As far as we were monitoring the threat I can say that you are fully protected from it.
We have to wait, what will be the next step made by the bad guys. If you want some detailed information → go to our blog: http://blog.avast.com/2010/02/18/ads-poisoning-–-jsprontexi/
Regards
Greetings -
I’m getting a similar msg from isoHunt but only if I search the site and the addr is a bit different :
“google.analytics.com.eututrywxvhd.info/kav/kav1.exe”
Thanks Avast guys !! I’m not seeing the block anywhere else as yet. I’m heading to your blog for more info as I support my own LAN and a couple of systems for my relatives. I’m not real savvy but, with 2 other jobs I don’t have much time to learn so, appreciate all the help you guys have provided but, could you price your Bart Cd a little lower for us pore folk ?!? I tested it and it’s truly awesome !!!
Thanks,
Denny