HTML:Iframe-inf

Viruses and worms
1

In the past two days AVAST has detected something called HTML:Iframe-inf on several different websites that I have gone to. This has never happened to me before. Could it be something on my computer rather than malware on the site? I am running Firefox with NoScript and it was my impression that frames are blocked by NoScript. Any explanations, help or advice would be appreciated.

2

Hi yawetag,

You more or less answered your own question. You maybe safe as long as NoScript keeps the scripts at bay on those sites. But there are a lot of avast users that do not use Firefox or Flock with NoScript installed, and they need protection as well,

pol

3

Personally I don’t believe NoScript will make a blind bit of difference to an iFrame tag in firefox, even if you have the iframe option disabled in NoScript, Plugins as avast isn’t waiting for it to be fired.

As far as I’m aware even if noscript blocked iframes, avast would still detect the code on the page, so it is entirely possible that there are infected iframe tags on the sites you are visiting (even if disabled) and it is this avast is detecting.

Since you don’t mention any of the sites it isn’t possible to confirm that the detection is good or not ?

Give some examples of the URLs, change the http to hXXp so that the link isn’t active.

4

Personally i would get AD Blocker Plus with “EasyList” subscription along with NoScript

If you haven’t done so uncheck “Accept 3rd-party cookies”

Tools>Option>Click the privacy tab

5

Hi Whereisthelove,

You are an experienced Mozilla browser user as I grasp from what you comment, but I would go dual: use NoScript against scripts, and use RequestPolicy to block the rest. I work the two add-ons now side to side in my latest nightly download of the Minefield Firefox (yes I am one of these crazy thousands of test pilots, and in my Flock browser as well), then to close the vulnerability window even further subscription to some rule-lists for firekeeper-0.3.1. So these three extensions see after my in-browser security and privacy concerns (together with ABP make four security and privacy extensions).
But I have to agree with DavidR that the shields of Avast should be running additional to the above mentioned Mozilla extension visors (“browser cops”) that I mostly have blocking…

polonus

6

Sorry, it took me so long to get back to this.
Here are the websites.
I already reported these to stopbadware.org, mentioning of course that they could be FPs.
hxxp://www.joniandfriends.org/index.php
hxxp://modelingindia.com/
Thanks for the advice. I already use Adblock Plus but had not heard of EasyList or RequestPolicy; I will definitely check them out.

7

Hm, after disabling Web Shield, Network Shield is triggered on webpage hxxp://modelingindia.com because of hxxp://internetcountercheck.com. After checking the address with WOT, it says the page is malicious.
So based on this i can say it’s most probably not a false positive.
But only ALWIL guys can tell for sure.