Should I report an IFrame-EC to anyone?

I was surfing the net tonight in search of info on Paleontolgy – specifically, pterosaurs – and Avast alerted to an IFrame-EC trojan in a legitimate site:

5/13/2009 4:23:22 AM	SYSTEM	284	Sign of "HTML:IFrame-EC [Trj]" has been found in "http://XXX.networlddirectory.com/blogs/permalinks/1-2009/watch-out-some-pterosaurs-take-off.html" file.  

I replaced the "w"s with "X"s to be safe. If that’s not good enough let me know (or an Admin can delete).

Anyway, the site has never given me a problem before – should this be reported anywhere?

Thanks.

Welcome cromag,

the website contains obfuscated script at the end of the code - it contains iframe that points into malicious server. Please try to contact webmaster/owner and tell him about this problem - it need fix from someone who have got access to the server.

Best regards

PS: Attached image shows the infection - using red arrows.

Hi cromag,

This detection is also found by unmaskparasites:

var k1='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4^#wrs=#4%A?liudph#vuf@%kwws=22',...

So the detection is a valid one, and you should contact the site admin or webmaster for that reason,

polonus

Thank you, I have sent an email to the webmaster. Now I just hope it gets read.

If I encounter additional things like this (or, more likely “when …” in today’s world) should I touch base with the forum here to get the malware verified?

Thanks again.

Hi cromag,

Well this clearly is our duty and our responsibilty towards the users of the Internet. It is very important to report these things here if it is only that other users are aware of these things going on on to-day’s Internet and more importantly what they can do to detect and protect themselves against these online infecting sites.
The user of the browser is protected through the avast shield protection, can enhance prevention by pre-scanning with real time site scanning like finjan, use scandoo.com as a searchengine or prevent malicious script from running inside the browser by installing NoScript in browsers like Firefox or flock, and block request from third party redirects through an extension like RequestPolicy. As the problem of malicious code injection to trusted vulnerable sites is expanding rapidly appropriate prevention and protection has an important priority, and as one of the few av solution that take this ongoing threat seriously avast is doing a hell of a job and saved many users when visiting these suspicious or malware ridden websites,

polonus