Main URL: htxp://www.artcar.com.tr/ is suspicious.
We found 1 virus attack url at your website.
hxtp://quake2012.ru/in.php?a=QQkFBwQHBAEABQQMEkcJBQcEBwYABQcHDA==
and the redirect url is also full of Viagra/cialis/Levitra pill spam, see sucuri screenshot
Sucuri gives this detection http://sucuri.net/malware/malware-entry-mwspamseo
Thank you for the confirmation and the additional info.
-.-
Now something more in general about malicious iFrames.
With this example I wanted to present the possibilties of soswebscan.
There are two other main scan sources here.
One there is the sucuri scanhttp://sitecheck.sucuri.net/ ; With this scan we can
also find the Google Safe Browsing results and the Norton Safe Web results.
Users should know that Google Safe Browsing and Norton Safe Web do have loads of sites
that their database isn’t even aware of,
and should be scanned in another way. In that case we do not have results.
Then there is unmasked parasites: http://www.unmaskparasites.com/security-report/?page= domainname for instance
The iFrame contents can also been lightly but effectively obfuscated and that is always a reason to be suspicious.
Just do an additional google query on what you find inside the code. There could be Dasient info on the particular
suspicious URL or domain, exploit or particular iFrame campaign.
There could be additional info via a URLVoid domain or link scan.
-.-
Remember you have to combine the info of various resources.
Another particular iFrame malware scanner is to be found at monkeywrench.de
Give in the particular URL and then open the detailed results. Could be a good basis for further investigation.
Whenever users are security aware, know how to have full script protection inside the browser and work the browser
sandboxed, there are other resources, but users can also ask for a second opinion here.
In a similar way Pondus, spg SCOTT, Asyn and other members here are particularly into this form of malware hunting
and give a lot of assistance and report their findings for better avast detection.
Malcious iFrames should not be a problem for those that have taken specific precautions like script protection inside the GoogleChrome or Fx browser (NotScipts & Better Pop up Blocker in Chrome /NoScript - Request Policy in Fx 4.0).
Scan, scan, scan and report (back) when in doubt.
Two main rules: 1. Never give direct click-through links, always munge like
hxtp or -http or wXw and 2. When presenting particular script, make a screendump, present it as a jpg or gif image.
One could use a particular proggie to remove particular information like PhotoPhiltre or cut and paste the script image with
a tool like Irfan view for instance. Reason is that actual script in part or even munged could be flagged by avast or spill over.
Best policy is just to give a scan link or the screen dump of the scan results.