I was just browsing on another forum and I noticed a thread stating that google chrome was blocking a specific thread because it was linked to the site I mentioned in the subject line and upon doing my own investigation avast flagged a iframe exploit on hxxp://www.operationburnout.com/{gzip} (link broken for protection) and that showed up from just a search on google as I didn’t even go to the site (although google does tend to stuff cookies from the first result of every search I do in my computer).
The thing is that even though google and avast detect something link scanner online gives the site a clean bill of health so I just need confirmation if this is a FP or is link scanner the one giving the false response.
The problem is that very few AVs are even looking for this much less detect it.
The avast web shield is very good in this regard at finding what in effect are hacked sites, where either hidden iframe or obfuscated javascript script tags are injected into the page/s.
I don’t know which link scanner you used ?
However, avast isn’t alone in the detection of operationburnout.com as malicious, firefox also flags it as an attack site in its safe browsing function, see image.
Firefox detect it because Google Diagnostics flags it as a suspicous site!
The present status of wXw.operationburnout.com is suspicious site?
Visiting this site may harm your computer.
A part of the site has been noticed because of suspicious activities - 10 times during the past 90 days.
Of 635 pages that have been tested on the site during the last 90 days, 80 pages have been downloading and installing malcious software without the users consent to do so The last time suspicous content was found there was 2009-06-21.
Malicious software includes 2 scripting exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malcode was hosted on 6 domains, e.g.: 92.38.0.0/, trafficstatic.com/, 202.73.57.0/.
2 domains here seem to function as an intermediary to spread malware to visitors of this site, e.g.: m-analytics.net/(1 page on 2009-05-27) , reycross.com/ (Malicious software includes 38 scripting exploits.)
This site was hosted on 1 network(s) including AS26347 (DREAMHOST).
Thanks for the info so now I can tell the moron who thought it was malware protection on google chrome being flakey that they was completely and totally wrong.
But I think after this I can say that even googling can cause your computer harm (since all I did was search for operationburnout on google thinking I’d be safe but that seemed to be a mistake since the infected site came up first in the search results).
Generally a search can’t do anything, whilst some browsers have a pre-fetch function which loads pages in the background and that could trigger an alert as it attempts to load the page in the background. Some people also use link scanners and this too can possibly access the sites listed in the search results so this to could trigger avast as it tries to pre scan a page.
I think I’m going a bit off topic here but would this also include adding cookies (I’m just wondering as after some searches on google I’ve always ended up with a cookie from the site that is listed first in the search when I do a cookie clean out when I’m shutting down firefox) and would there be a way to stop this (or would I have to ask this elsewhere)
You can block third party cookies in your options in the firefox browser. But it is a good custom to do some crap cleaning at browser shutdown and before closing down after a computer session. ATF Cleaner is a good program to do this: http://www.atribune.org/ccount/click.php?id=1