I was on a not safe for work reddit page. (WARNING ADULT CONTENT IN LINK) This one in particular http://www.reddit.com/r/nsfwhardcore/controversial/

and I use the chrome extension hoverzoom to save time clicking every image and link. Into the second page I hoverzoomed over an image and recieved a pop up from Avast saying it just blocked URL: MAL, referring to the imaged I just zoomed on.

Here’s the image of the avast pop up http://1drv.ms/1GDjMZO

I did not visit the link in the avast pop up, I simply hovered over the image that was from that source.

Is this a false positive? Is it actually possible to get infected just by hoverzooming a gif/image? Should I be worried from here about this pop up? I have not visited any other sites of this nature. I figured hoverzooming over reddit pics was a safe bet.

Is this a false positive?

https://www.virustotal.com/en/
http://killmalware.com
http://sitecheck.sucuri.net
http://zulu.zscaler.com

And not surprised to see a bad url block on a adult website

Virus total: Negative
kllmalware: negative
sitecheck: Website Errors Detected Critical Contact your Hosting Provider
Status: Unable to properly scan your site. HTTP Errors Returned.
Zulu: Negative

I took a risk and copy and pasted the said infected link and it took me to an error page and avast gave me the same pop up. http://1drv.ms/1GDjMZO

What could this mean?

If you want to give us scan results, always give link or there will be a ton of extra info we cant see

http://zulu.zscaler.com/submission/show/885277c63901deb78fd5962da4b2cf7f-1421973408

http://sitecheck.sucuri.net/results/i.prbluechip.com/wp-content/uploads/2015/01/great-view.jpg

https://www.virustotal.com/en/url/e480d6544ae4928ae3720eb9438ce54d5f710a271701538914d4b1906e3d2ab4/analysis/1421973729/

http://killmalware.com/i.prbluechip.com/wp-content/uploads/2015/01/great-view.jpg

So these results make me feel easy again, but why does pasting the link still make avast give me that pop up?

Main issue here is rejecting mail aka SPAM
-alt2.aspmx.l.google.com. 74.125.130.27 ? ?
-alt1.aspmx.l.google.com. 64.233.163.27 ? ?
-aspmx3.googlemail.com. 74.125.130.27 ? ?
-aspmx2.googlemail.com. 64.233.163.27 ? ?
-aspmx.l.google.com. 2a00:1450:400c:c09::1b ? ?
-alt2.aspmx.l.google.com. 2404:6800:4003:c01::1a ? ?
-alt1.aspmx.l.google.com. 2a00:1450:4010:c06::1b ? ?
-aspmx3.googlemail.com. 2404:6800:4003:c01::1a ? ?
-aspmx2.googlemail.com. 2a00:1450:4010:c06::1a ?
See: http://www.dnsinspect.com/reddit.com/1421973253

IP reported: http://anti-hacker-alliance.com/index.php?details=198.41.208.143

Issues here: https://certlogik.com/ssl-checker/www.reddit.com/

I see no direct malware threat other than phishing/spam related.

polonus

So the lesson here was to just not click it? My main concern is can I obtain malware by using hoverzoom over images like I was?
I believed I had to click or download to be infected.

Your virustotal scan is wrong … you have scanned the sucuri scan link result

ipvoid.com http://www.urlvoid.com/ip/94.23.158.216 multiple domains on same ip, some are blacklisted
So it may be a general ip block

hah, the results were the same, thats how I didnt notice!
Thank you for clearing this up for me. I didn’t expect such incredible service in the forum. You guys make me proud to recommend Avast to my peers.

Well I had to look this up and found the culprit of the matter and reddit themselves are alerting: http://www.reddit.com/r/technology/comments/1t4ubn/hoverzoom_for_chrome_is_infected_with_malware/
See: http://www.ghacks.net/2013/12/26/hoverzooms-malware-controversy-imagus-alternative/
Hoverzoom injects script(s) that are being flagged!
Script tries to purchase the extension or have it modified
to gather data or implement money making schemes into the extension.
In one word translated as: abuse!

Here is a clean benign alternative extension:
https://chrome.google.com/webstore/detail/imagus/immpkjjlgappgfkkfieppnmlhakdmaab/related?hl=en

polonus

Thank you so much.