Html: Iframe-inf

I got it when i went to hxxp://www.twoweekwait.com/ i have been going to this website for a year and it just set off my avast for the first time today. i have tried to report it to the person who runs the site but i cannot get ahold of their contact info due to not being able to access the website. is there any way you can tell me if it’s really infected?

Looks like the site has been hacked, a very common issue now.

There is a hidden iframe tag in the page code, redirecting to hXXp://reycross.com, why that would be there is strange, given that the iframe tag is inside a META tag.

There are also some other strange iframe tags later and I don’t know if they are legit, but possibly are.

The first hidden iframe tag is also repeated near the bottom of the page source code and yet again after the closing HTML tag, a standards no, no, and very suspect.

Every 3.6 seconds a website is infected http://forum.avast.com/index.php?topic=47096.msg396648#msg396648.

Hi Lapinska, welcome to the forum :slight_smile:

Unfortunately the site does seem to have been infected:

http://www.UnmaskParasites.com/security-report/?page=www.twoweekwait.com

There is an iframe that has been inserted into the page after the closing html and body tags, which is wrong. (image)

The domain it points to is known to be malicious, and is listed in a few malware lists, shown on page three here:

http://www.mywot.com/en/scorecard/reycross.com#page-3

This kind of detection is very common these days, with many ‘legitimate sites’ becoming hacked to distribute malware:

Every 3.6 seconds a website is infected


EDIT: Ahh…the preview never showed the post…hate when that happens…
I didn’t catch the fact that it repeats either… ::slight_smile:

EDIT2: Just a side note…it is a godaddy domain…which seems to be popular with the malware people…
http://www.malwarebytes.org/forums/index.php?act=Search&CODE=simpleresults&sid=2c0ada8d49bccbdecd657751401928e2&highlite=godaddy

Hi Lapinska,

Here is an infection report for this redirect to a page hosted on a Dutch site:

Hidden external link

reycross.com suspicious :arrow_upper_right: - displaying 1 of 1

Well that will have Lapinska in a spin, 3 comprehensive confirmations in short order, the site has been hacked ;D

Don’t know why it didn’t show your post though…had that happen a couple of times (just now in another thread)…

at least they are all slightly different… :wink:

haha, thanks guys. i just wanted to make sure it wasn’t just my computer or something. good grief, the internet isn’t safe to do anything anymore! I am sure the ‘hacker’ is targeting this particular site because it’s users are female and most women are computer illiterate ( no offense ) so they make an easy target. i’m a women but fortunately i’m a bit smarter than most; thanks again i will continue to try and contact the owner.

Hi Lapinska,

Security on the Internet is with the bright girls, always, and you now have all the info you need to convince the female? webmaster to do some cleansing of the website in question. This adding of malcode to trusted reputable sites comes with vulnerabilities in older website software(s) or in this case a PHP hack.

polonus

You’re welcome.

I somehow doubt this is a targeted attack just because it appeals to women or might be administered by women; for the most part there are bots (automated tools) that trawl the internet seeking out sites with vulnerable software that they can exploit.

If it were targeted then I would say the targets would be those sites that have huge audiences, when we see on these forums small websites as well as the mega sites.