I clicked on the StogieReview dot com link at hxxp://www.cigaradvisor.com/reviews.cfm and got a warning from my Avast antivirus software that a i-frame virus was tryimg to load.
Avast prevented it from loading, so all is well.
I clicked on the StogieReview dot com link at hxxp://www.cigaradvisor.com/reviews.cfm and got a warning from my Avast antivirus software that a i-frame virus was tryimg to load.
Avast prevented it from loading, so all is well.
I have just done the same but I don’t get an alert.
What was the full URL of the detection - Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
When posting URLs to suspect sites, change the http to hXXp (as you did earlier) so the link isn’t active (clickable) avoiding accidental exposure.
Sign of “HTML:Iframe-inf” has been found in “hxxp://www.stogiereview.com/” file.
I don’t know where then I have just visited the site and no alert ???
Now I’m using firefox 3.0.10 with NoScript so scripts don’t get executed but that shouldn’t stop avast alerting as it doesn’t rely on the script running. Given that I have just allowed the site in NoScript (not generally advised) and still no alert.
I have checked the page source code and I can see nothing obvious, certain;y not an iframe, of a obfuscated script (which is commonly used to create and execute an iframe). So I’m at a loss.
When did this happen ?
They might well have had reports of the detections and resolved it, that however is speculation on my part.
5/2/2009 4:06:57 PM 1241294817 SYSTEM 1512 Sign of “HTML:Iframe-inf” has been found in “hxxp://www.stogiereview.com/” file.
Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
As I said:
I have checked the page source code and I can see nothing obvious, certain;y not an iframe, of a obfuscated script (which is commonly used to create and execute an iframe). So I'm at a loss.
I checked and believe me I could see nothing of what I have seen with other alerts by avast. Even the unmask parasites site found nothing.
Nor did Bad Stuff org, http://jutaky.no-ip.org/index.php?option=com_content&task=view&id=19&Itemid=32.
Nor did Exploit Prevention Labs, “Congratulations! LinkScanner Online did not find any exploits.”
Nor did DrWeb Link Checker.
Nor did - Norton Safe Web found no issues with this site.
So I think you can get the picture, every check I did came up clean.