HTML:Iframe-inf alert on UStream (False positive?)

Viruses and worms
1

Hoping this is a false positive, but I got an alert on UStream (even on just its homepage) stating the claimed infection was HTML:Iframe-inf.

I will do a full scan now just in case, but I wanted to ask about it here in case it might really be just a false positive.

EDIT: The scan found nothing, and there are no other symptoms.

2

Sucuri say clean

VirusTotal URLscan
http://www.virustotal.com/url-scan/report.html?id=c20dccb8ee3251f39fd2ec63b57bd923-1320126737

VirusTotal HTMLscan
http://www.virustotal.com/file-scan/report.html?id=d472542168a3caa0a8dd064b0206611f81d98f2000bef27718f6d632334a25da-1320130343

Wepawet
http://wepawet.iseclab.org/view.php?hash=c20dccb8ee3251f39fd2ec63b57bd923&t=1320130821&type=js

3

Report 2011-11-01 07:39:50 (GMT 1)
Website ustream.tv
Domain Hash a17dced5316ab4a08dc64760706dd1f3
IP Address 199.66.238.51 [SCAN]
IP Hostname -
IP Country US (United States)
AS Number 29834
AS Name USTREAM - USTREAM.TV INC
Detections 0 / 23 (0 %)
Status CLEAN

Report 2011-11-01 11:06:25 (GMT 1)
IP Address 199.66.238.51
IP Hostname -
IP Country US
AS Number N/A
AS Name N/A
Detections 0 / 26 (0 %)
Status CLEAN

4

i have same problem
what to do ?
thanks

5

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

6

thanks Asyn
not sure its FP
ustream another… company without any contact form

7

You’re welcome…!

8

Hello,
we detect there stats1.in/stream?1 and it is a correct detection.

9

Thanks Sirmer…!

10

See: http://google.com/safebrowsing/diagnostic?site=stats1.in/ redirecting to a hidden iframe
McAfee comes up with: McAfee-GW-Edition 2010.1D 2011.10.31 Heuristic.LooksLike.HTML.Embedded-Data.N

polonus

11

nothing fixed ?
what to do?
thanks

12

Well, it’s a legit detection. (See Reply #7)

13

very strange… nobody correct anything
we will keep this message all days?

14

Send their webmaster to this topic.

15

ustream dont have any contact form
they dont care
they are just interested to sell advertising

16

Well, nothing else to suggest then, sorry.

17

Hi Asyn & tiptopweb,

There is a contact given: japanATustream.tv ,attn. Tomotaka Nakagawa, Chief Executive Officer of Ustream Asia (previously consumer PC developer for HP Japan. Mail him and he might know who to contact there,

polonus

18

I found an email address for feedback: feedback@ustream.tv
Or maybe posting somewhere on the forum might be of use: http://www.ustream.tv/forum/

So should those of us who got this alert be concerned? When I did a scan I found nothing (and there are no further symptoms aside from the alert), so is it safe to assume that Avast successfully blocked the threat?

19

Hi, Alden from Ustream here.

Thanks for reporting this and mentioning it on the Avast forums. I confirmed with our Ad Operations and Security lead that there was an ad unit that had been given to us from a network ad source that was triggering the alert. This ad source has been removed and the problem was identified and remedied immediately. If Avast has not yet rescanned and updated this, I am in the process of contactig Avast so we can make sure no further alerts are triggered, as there is no harmful content on our site.

20

Thank you very much for your reply, Alden! I am glad that the situation has been taken care of. =)