HTML:Script-inf

What to do? Suddenly we are getting Avast warnings when going to www. trippus . se , as far as I can understand the problem is this line of code: (have added some XXX not to trigger anything by mistake…)

When I go to the premiumoriginalprints . com site I also get two error messages.

I’ve contacted the folks at www trippus se and also the ones at premiumoriginalprints com, I’ve checked with Norton Safe web but there was no info there, but is now scheduled for testing.

Is there anything else I can do to speed up things? Any other good sites to check sites out?

Regards,
Peter

Hi There,

From this website analyze found suspicious :

http://wepawet.cs.ucsb.edu/view.php?hash=92bed3dcf5e8e95da413c2d1df881213&t=1258107630&type=js

But in other site i found the secure website result:

http://www.mywot.com/en/scorecard/www.trippus.se

Hi Yanto.Chiang,

At the time before the malcode insertion there, mentioned site could have been clean and reputable, and then that is what WOT (a reputation scanner) will give an all green. Also norton safe web gives an all green.
Every 3,6 seconds a reputable site with weaknesses/software holes and bugs etc. will get attacked and hacked by malcreants to use it towards their devious ends, that is redirecting to some malicious software laden site.
The avast webshield detects the malcode and disconnects from the site before the visitor of the site can be redirected and in this way infected.
Unmasked parasites gives that on 1 page tested without user consent malicious software was downloaded and installed.
DrWeb URL check gives the present status as clean:
Checking: http://wXw.trippus.nu
File size: 20.62 KB
File MD5: 36cc3e8467cd7f57c8109a412dc6dd88

http://wXw.trippus.nu - archive HTML

http://wXw.trippus.nu/Script.0 - Ok
http://wXw.trippus.nu/Script.1 - Ok
http://wXw.trippus.nu/Script.2 - Ok
http://wXw.trippus.nu/Script.3 - Ok
http://wXw.trippus.nu/Script.4 - Ok
http://wXw.trippus.nu - Ok

Checking: http://wXw.trippus.se
Engine version: 5.0.0.12182
Total virus-finding records: 781151
File size: 1316 bytes
File MD5: 5bb8a72b245adca17da49727e4e7462f

http://wXw.trippus.se - Ok

Another way to be protected against redirects and malscripts is to use the latest version of Firefox or Flock browser with the NoScript add-on installed, installing the RequestPolicy also will even minimize the danger of malicious requests further,

stay safe and secure is the wish of,

polonus (malware fighter)

Trippus has removed the code pointing to premiumoriginalprints . com so our problem is thus solved.

premiumoriginalprints . com still has the problem but that doesn’t concern me so I’m happy. I’ve informed them by mail so hopefully they will fix whatever problem they have.

Thanks for your input!

Regards,
Peter

Hi Polonus,

Thanks for your kindly advice, need to learn a lot things from you.

Regards,
Yanto Chiang

I think some viruses is now using js and Iframe to infects and spread through out the net…

So be alert, from now on I noticed that some viruses spreading through html, php, htm, etc. kind of webpage…

I think, that kind of skills is got from “W32:Vitro/Virut” virus because they can able to infects all webpage through using js or Iframe…

Thought has nothing to do with it, this is rampant with huge numbers of sites getting hacked - Every 3.6 seconds a website is infected http://forum.avast.com/index.php?topic=47096.msg396648#msg396648.

This is commonly down to old content management software being vulnerable, PHP, Joomla, Wordpress, SQL, etc. etc. being exploited.