See: Trojans detected on relations site:
Object: htxp://8steps.co.il/
SHA1: 09799ce3e1518e0d1bdd50a20aefc814d7b43d15
Name: TrojWare.JS.Agent.caa Avast Webshield detects: JS-Clickjack-B[Trj].
See: https://www.virustotal.com/nl/url/2bf990db9fbe4774755408de4693667e2260f32bb4edc0e1264b1525a18b860f/analysis/
ISSUE DETECTED DEFINITION INFECTED URL
SEO Spam MW:SPAM:SEO?g12 htxp://8steps.co.il ( View Payload )
SEO Spam MW:SPAM:SEO?g12 htxp://www.8steps.co.il/ ( View Payload )
SEO Spam MW:SPAM:SEO?g12 htxp://www.8steps.co.il/all-8steps-lessons.html ( View Payload )
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
t=‘’;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.‘+x[2]+’{‘+x[1]+’}</‘+x[0]+’>');}dnnViewState();
Read: http://stayaway2.blogspot.nl/search/label/TrojWare.JS.Agent.caa link article author = Gray Dee.
I posted on this malware earlier here: https://forum.avast.com/index.php?topic=163838.0
Malware
[[function dnnViewState]]
Detected encoded JavaScript code commonly used to hide malicious behaviour.
Malware confirmed here: http://urlquery.net/report.php?id=1428081559434
Netcraft risk status 1 red out of 10: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2F8steps.co.il
IP listed here: 81.218.71.214 → http://www.e-fensive.net/malware.pests
AS general security situation: http://sitevet.com/db/asn/AS8551
polonus