Known javascript infect site not always detected...verdict suspicious!

Hi malware fighters,

Keep this from your website, read here why!

This has been a well-known source of malcode: Known javascript malware: <script src=hxtp://jkcotton.com/images/directors.php
Allthough both Norton Safe Web and Novirusthanks give it a clean bill
see results of the Novirusthanks scan here:
http://scanner.novirusthanks.org/analysis/95e28fb39d99d68237e7d79791562412/aW5kZXg=/

finjan flags it as potential virus behavior was detected on this page…
Diagnostic page for jkcotton.com

What is the current listing status for jkcotton.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 times over the past 90 days.

What happened when Google visited this site?

Of the 25 pages we tested on the site over the past 90 days, 1 page resulted in malicious software being downloaded and installed without user consent, and the last time suspicious content was found on this site was on 2010-03-29.

Malicious software includes 19 exploits, 4 scripting exploits.

Malicious software is hosted on 4 domains, including poche.be/, weehee.org/, ruffnitdoggiedaycare.com/.

This site was hosted on 1 network(s) including AS33182 (DIMENOC).

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 12 domain(s), including thomas-kleinlein.de/, ebeegle.com/, flash.ucoz.com/

polonus

Malwarebyes IP protection blocked jkcotton.com:
IP-BLOCK 66.7.208.222
http://ip-address-lookup-v4.com/lookup.php?ip=66.7.208.222
http://www.sitedossier.com/nameserver/ns2.cpanelmachine.com

Thanks YoKenny,

Thanks for reaffirming this. On the side-line to you the following head-up. For you as the blocking specialist among us better also to block this following range 85.255.112.0 - 85.255.127.255 as well, not much good coming from there either, ActiveX exploits etc, so for users on IE certainly a good advice (why, re: http://blog.dynamoo.com/2008_05_01_archive.html )

polonus

85.255.112.0 Ekaterinenskaja str., 41, 65000, Odessa, Ukraine is blocked as well. :wink: