A friend of mine went to h××p://www.yourdiscovery.com/realtime/londonink and got a message from Avast Free Antivirus 5.0.462 with the newest signatures (100310-1):
Blocked Trojan Horse.
Infection: JS:Packed-AA [Trj]
Object: h××p://www.yourdiscovery.com/realtime/londonink/|>{gzip}
I tried it on my computer, too, and got the same message.
We both use Windows XP Home Edition SP3 + all updates. And both with Firefox 3.6, newest Flash Player.
Another possible false positive is on effectu.com where Avast shows up a
Malware Blocked.
Infection: HTML:IFrame-inf
Object: h××p://effectu.com/
Hi Pondus, you have beaten me in a fraction, but I had to break and add the inline malcoded script in question, and that takes somewhat more as the links…
So my friends, as very, very often, igor is right here.
Re: 1 suspicious inline script found for “yourdiscovery etc”.
Is there any reason for this obfuscated inline script to be outside …?
^^function c152364361251b48fd0cbeaea13^^(b48fd0cbeaea1d){ ^^^^function b48fd0cbeaea26(){return 16;} return..malcode broken by me, polonus....
Re: effectu dot com there is found:
References to 1 suspicious domain found.
1 hidden external link found; myndomain.info suspicious - displaying 1 of 1
Wow, you react real fast! While I was typing, two new replies have been posted.
@igor:
I hope that counts ;):
I checked effectu.com three months ago with Norton Antivirus, Eset NOD32, Kaspersky Antivirus, Avira Antivir Premium and Avast Free Antivirus Beta 3 and only Avast reported malware and still does.
And on the discovery channel link Norton Antivirus 2010 with Norton IPS 2.0 Add-On in Firefox 3.6, Eset NOD32 4.0.474.0 and Avira Antivir Personal Free report nothing, only Avast does.