See: http://sitecheck.sucuri.net/results/tohouri.com
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwblacklisted35 htxp://tohouri.com/en/publications
Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35
Location: htxp://ibontu.25u.com/
SE visitors redirects
Visitors from search engines are redirected
to: htxp://ibontu.25u.com/
9775 sites infected with redirects to this URL
List of blacklisted external links: 1
htxp://twitter.com/share
CMS issue: Web application details:
Application: Drupal - http://www.drupal.org
Google Analytics installed: UA-3720428-2
Running cPanel 11.42.1.29: tohouri dot com:2082
Drupal not updated. We recommend versions 6.33 or 7.32 (or higher).
Outdated Drupal Found: Drupal under 6.31 or 7.27
Starting 5.51 ( ScanVerify.com ) at 2014-11-27 09:12 CST
scan report for banners.wunderground.com (38.102.136.101) → ip/38.102.136.101.json
Re: https://www.robtex.com/en/advisory/ip/38/102/136/101/
Host is up (0.044s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 1.3.42 ((Unix) PHP/5.3.2)
| http-methods: Potentially risky methods: TRACE
|_See ScanVerify.com/nsedoc/scripts/http-methods.html
|_http-title: 403 Forbidden
443/tcp closed https
this is a whitelist of known legitimate email servers to reduce the chances of false
Trusted Forwarder SPF Global Whitelist Bonded Sender
sbl.spamhaus.org: Direct UBE sources, verified spam services and ROKSO spammers
xbl.spamhaus.org: Illegal 3rd party exploits, including proxies, worms and trojan exploits
VT results are important and an often recommended standard,
but it is known to me that (bad hat) SEO Spam and defacements/hacks are very often not being flagged by VirusTotal.
What is the criterion here? That code must be infectious as such and hacks also?
Well, fraudulent redirects (spam fraud, defacement) etc. are not considered malicious in this strict sense here :o
I think this is a big blind spot where VT is concerned, same goes for some other scanners that miss SEO Spam for instance.
Killmalware is a good exception to that rule. Quttera is also getting better and better in detecting these various forms of abuse.
Also adware that is hidden but not malign as such is often spared by AV solutions,
even in PUP scanning, often because of legit implications.
That is for instance why several forms of Conduit crapware are being missed by major AV.
So here this is a grey area but the undetected is out there, the so-called virus X-Files ;D