IDS flags Blackhole on site, others give clean....avast webshield protects

Hi forum friends,

See: http://zulu.zscaler.com/submission/show/a85c1235f6198e18d8c64d3665d103bd-1337118425 a green 15/100 benign (reported there)
http://urlquery.net/report.php?id=55898 flags ET CURRENT_EVENTS Blackhole Landing for prototype catch substr
Discussion of mentioned Emergingthreats sigs for ET CURRENT_EVENTS Possible Request for Blackhole Landing Page (class type:trojan-activity)
→ : http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/16217 (rules given by Kevin Ross)
IDS rules can only be used as additional form of protection and need a fully scaled JS interpreter installed as well next to it.
Malware is flagged as unknown_html_google_malware, but google safebrowsing now gives it as safe.

But the avast webshield flags this as JS:Blacole-K[Trj]
Again my good forum friends we are being protected here by the avast webshield!

polonus

Thanks for the heads up Polonus :slight_smile: