Is it false alarm for Todaybit website?

Dear,

I always use Todaybit website.
There was no problem with Avast before.
Until this morning Avast blocked this website.

Can you check if it is a false alarm or not, please?
Thanks :slight_smile:

Infection Details
URL: http://www.todaybit.com/|{gzip}
Infection: HTML:FBJack-A [Trj]

1 detected only blacklisted

http://sitecheck.sucuri.net/results/www.todaybit.com/

detected as clean

https://www.virustotal.com/en/url/b0f64e0224a472d048d644016ad8e4861dbc87386d0e1f5cc1921f52d2dcb47f/analysis/1368321681/

http://zulu.zscaler.com/submission/show/d7cd106edadb37213a34ea2f6c3fe62b-1368323578

http://www.urlvoid.com/scan/todaybit.com/

http://quttera.com/detailed_report/www.todaybit.com

http://wepawet.iseclab.org/view.php?hash=e9b1514cc82ba785ce70b04f7d6edf63&t=1368321792&type=js

It was unblocked few minutes ago

Dear Jefferson,
Thank you very much for your help.
It’s very useful. :slight_smile:

I’ve just tried to open this website again,
but Avast still blocked this website.
Do I have to wait until the next update?
Or is there anything I have to do?

Now VirusTotal reported that SCUMWARE.org found a malware.

SCUMWARE.org URL description
This URL is or was distributing a malware variant of Troj/Iframe-ET

https://www.virustotal.com/en/url/b0f64e0224a472d048d644016ad8e4861dbc87386d0e1f5cc1921f52d2dcb47f/analysis/1368348432/

hi Phongsathon,

http://urlquery.net/report.php?id=2427887 shows no current anomalies at the moment. However, having said that, this does not mean this IP address (103.22.182.242) has never been infected. If you look at the last 6 reports on this IP, you will see both alerts and IDS detections noted as recently as November 12, 2012.

avast! detections, as a rule, are almost always spot-on, but sometimes the webmaster must contact avast! and ask for an exclusion for the website itself within that domain if he/she believes their site is clean.

avast! does tend to block all sites within a domain on first detection, so the only way to fix is to have the webmaster contact avast!.

IF there is actually a trojan present, at least avast! is protecting you.

Hi mchain,

Here we see typical sites with that infection: http://support.clean-mx.de/clean-mx/viruses?virusname=HTML:FBJack-A+Trj
The site in this thread is being protected through Rapid 7 and has 523,000 Yahoo backlinks
Site is being blacklisted by SiteAdvisor’s.
The virus avast! flags comes from social engineering triggers an automatic Like on Facebook for malicious URLs and displays the link on the wall of the currently logged user. List of javascripts found
js.js
htxp://tracker.stats.in.th/tracker.php?uid=4846
List of iframes included
htxp://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Aelese7/615734661789180?fref=ts&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80
yengo.html
htxp://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/todaybit&width=800&colorscheme=light&show_faces=true&stream=false&header=false&height=260

polonus

Thanks mchain and polonus.
I told Todaybit (on Facebook) to check the website,
then contact Avast and McAfee SiteAdvisor.
https://www.facebook.com/todaybit

Now VirusTotal reported that CLEAN MX also classified Todaybit as a malware site.
https://www.virustotal.com/en/url/b0f64e0224a472d048d644016ad8e4861dbc87386d0e1f5cc1921f52d2dcb47f/analysis/1368400773/

Hello,
sorry but our detection is a correct. Here you can find virustotal results: https://www.virustotal.com/en/file/4a873a71b2d8167a633835d0e404dc6a98e9d2c1172778b4c6303bd8ca36d906/analysis/1368602012/

Dear Sirmer,

Thank you very much. :slight_smile: