Malware on website not detected? Avast should detect JS:Pdfka-gen Expl

See: http://www.virustotal.com/url-scan/report.html?id=54f9ba3429c6c88a3bca79df616c91ae-1324748635
and
http://www.virustotal.com/file-scan/report.html?id=9eb85668f287245dafc35c1ba1e1ae2947a863c99ca9a1372906bfe15f2be76a-1324752346
-http://www.webutation.net/go/review/tankmeisters.nl
suspicious: http://urlquery.net/report.php?id=13359
-tankmeisters.nl/footer.htm suspicious
[suspicious:5] (ipaddr:195.211.72.6) (frame) -tankmeisters.nl/footer.htm
status: (referer=-tankmeisters.nl/)saved 5347 bytes 223bc1cbab2ec4f266d77037684e34fd950e5c38
info: [img] -tankmeisters.nl/footerl.gif
info: [script] -m1.nedstatbasic.net/basic.js
info: [decodingLevel=0] found JavaScript
error: undefined variable y
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
and
ankmeisters.nl/ suspicious
[suspicious:5] (ipaddr:195.211.72.6) -tankmeisters.nl/
status: (referer=-www.google.com/trends/hottrends)saved 4433 bytes 3f6efcec199a61214b995637a0c79931046fd0ff
info: [frame] -tankmeisters.nl/top1.htm
info: [frame] -tankmeisters.nl/left1.htm
info: [frame] -tankmeisters.nl/news/test.php
info: [frame] -tankmeisters.nl/footer.htm
info: [decodingLevel=0] found JavaScript
error: undefined variable y
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
= Advanced Polymorphic Shellcode …
Sucuri does not detect, BitDefender TrafficLight gives site as malicious,

I treated a similar infection also on another site here in this posting: http://forum.avast.com/index.php?topic=87390.0

polonus

VirusTotal - URL scan
http://www.virustotal.com/url-scan/report.html?id=8f942f076d4feda5362f3312ecbd38ce-1324757412

VirusTotal - HTML scan
http://www.virustotal.com/file-scan/report.html?id=be70f459895535dbef291ffb3aace6b19bc39a33bd832f11738fe709ffb3cf35-1324761123

Wepawet
http://wepawet.iseclab.org/view.php?hash=8f942f076d4feda5362f3312ecbd38ce&t=1324761369&type=js

Sucuri - Malware entry: MW:JS:159
http://sucuri.net/malware/malware-entry-mwjs159

Hi Pondus,

So avast detects as JS:Redirector-LH [Trj], right?

polonus

yepp :wink: