Possible hacked site (HTML:Iframe-inf)

I’m getting a warning from Avast for HTML:Iframe-inf for this site hxxp://dailymailnews.com. However, Wepawet says there’s nothing there. It seems to be picking up something in the header.

From Warning log:
Sign of “HTML:Iframe-inf” has been found in “hxxp://dailymailnews.com/favicon.ico” file.
Sign of “HTML:Iframe-inf” has been found in “hxxp://dailymailnews.com/images/dmimg0907/red.gif” file.
Sign of “HTML:Iframe-inf” has been found in “hxxp://dailymailnews.com/images/dmimg0907/dm_header_0907.jpg” file.

Personally I would believe avast as it is very accurate at these detections, certainly all the ones I have checked out have proven to be good.

All three detections are good (and are identical, see image of the iframes after the closing html tag) the site has been hacked.

I had a suspicion that it wasn’t an FP as I have been running into a lot of infected Pakistan-based websites lately. Avast!, as usual, has saved me. :slight_smile:

According to its entry on Site Advisor Veryblomar.com has been known to host the rogue XP Antivirus 2008/2009 and possibly VBS/Psyme. It is also listed by HpHosts as EMD (site engaged in malware distribution).

Yes, avast has been very hot on these hacked sites.

just tried the link and the alert happens while loading and firefox tells me that the page is reloading…when I click allow then, I just get to the page and nothing more happens…