JS Clickjack infection warning shown ONLY by Avast

Avast Free Antivirus / Premium Security
1

I have Avast Pro on every machine in my house. Using Google Chrome over WIN 7 I am getting a harmful webpage warning. HOWEVER every other web developer I have asked to test the website outside my state says the page loads fine with no warning using Norton or Panda protection.

I also tried viewing over Proxy (hidemyass) and Avast still throughs the warning.

I checked the hosting root space, home page file, HTaccess and configuration files and there are no signs of infection.

I have attached a snap shot of the warning here and would appreciate any helpful feedback.

2

sucuri report. http://sitecheck.sucuri.net/results/villageshopskingsmill.com

Malware entry: MW:SPAM:SEO. http://labs.sucuri.net/db/malware/malware-entry-mwspamseo

blog info. http://blog.sucuri.net/category/spam

VirusTotal
https://www.virustotal.com/en/file/d3e35559833b2e4dbbadee94a02dbd522b840606e2408e37f4d9a70628112447/analysis/1383810080/

3

Hi rickvidalton,

Web development may be “overly” fine at the site (see remarks about Blackhat SEO spam),
but the server the site is hosted on might have sloppy management and insecure configuration.

  1. It does not look an X-frame-Options header was returned from that server, so you were and are indeed vulnerable to clickjacking.
  2. Cookie not flagged as HttpOnly, site vulnerable to XSS attack.
  3. Furthermore too excessive header info flagged.
    A lot of hosting firms are in the game just for the money involved and security is not exactly their first priority so to say.
    Especially where hundreds of sites are being hosted on one and the same IP (risks of being generally blacklisted by malware on other domains).

Your site has links to a site involved in black hat SEO Spam like the Hide-Me campaign, avast is one of the av-solutions to detects this spam fraud!

Site is infected: infected

guage=“javascript”> function dnnviewstate() { var a=0,m,v,t,z,x=new array(‘9091968376’,'88879181928187863473749187849…

Problem with website software → Web application version: CMS: joomla! 1.5 - open source content management
Joomla Version 1.5.18 - 1.5.26 for: htxp://www.villageshopskingsmill.com//media/system/js/caption.js
Joomla Version 1.5.18 to 1.5.26 for: htxp://www.villageshopskingsmill.com//language/en-GB/en-GB.ini

Link checks to be made:
Please check this list for unknown links on your website:

hxtp://www.plimun.com/ → ‘web design’ → black hat SEO read: http://productforums.google.com/forum/#!topic/webmasters/yy3eFINipW8
making a joke of penguin and Google → hxtp://forum.joomla.org/viewtopic.php?t=795946 (flagged as with JS:HideMe-j[Trj] - Hide-Me SEO Spam
link credits go to poster mike1971hk on Google Product Forums.
htxp://www.visionefx.net/ → ‘visionefx design’ OK

polonus

4

Norman lab confirms infection and have added detection as HideLink.B

5

Possible to link to Norman here?

6

you mean The Analysis result?

that is not possible since i have access directly to Normans online analysis tool ( Norman Shark Malware Analyzer G2) http://normanshark.com where you need a browser certificate and logg in password

but i can copy and paste

----- This case has now been closed. If the problem is not resolved please add further comments to the case.

Files:
sample.txt: HideLink.B

-----

7

OK.

Thanks for the link to Norman.