Site detected by avast! or does it no longer has JS:HideMe-J Trj?

See: https://www.virustotal.com/nl/url/88d27f1228f939f2b214a7a3375b4e70f68f9e1ddafc1f07c493878624540a76/analysis/
See: wXw.detroitmedia.com/wp-content/themes/2033/js/jquery.cycle.all.pack.js
Severity: Malicious
Reason: Detected known malicious content.
Details: Threat detected according to previously retrieved information
Threat dump MD5: 00000000000000000000000000000000
File size[byte]: 12403
File type: ASCII
MD5: B1CF759A030EE15AC0796C700413BC10
Scan duration[sec]: 0.001000
and
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level. [What’s this?]
Details: Detected HTTP redirection to htxp://www.detroitmedia.com/.
Threat dump MD5: 00000000000000000000000000000000
File size[byte]: 18446744073709551615
File type: Unknown
MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000
Malware flagged: http://labs.sucuri.net/db/malware/malware-entry-mwspamseo
See: http://sitecheck2.sucuri.net/results/www.dnps.comhttp://app.webinspector.com/public/reports/20118728
JS:HideMe-J Trj detected/
See: https://www.virustotal.com/nl/file/66496c3de956216bd97ed8f0a579fa9389c4bd4d3321bc54cf12e416fa382416/analysis/
but not cuurently flagged on redirected:
http://wXw.detroitmedia.com/

pol

With web security test I get the following results.
Flagged are: Server/Redirect Status: Code: 301, htxp://www.detroitmedia.com/ Redirect to external server!
Javascript Check: Suspicious anguage=“javascript”>function dnnviewstate(){var a=0,m,v,t,z,x=new array(“9091968376”,“8887918192818786347374918784939277359287883421333333338896”,“778787”,"9499 *
Spam check: Suspicion of Spam
ef=“http://safe-md-store.com”>canadian SPAM

zithroma…
External links to be checked various…
http://zulu.zscaler.com/submission/show/05c25548bc3c4a1b1ff544279d17a877-1392507447

Is this malicious, view: http://jsunpack.jeek.org/?report=7ba41048a6dc1a7c2a30fe06ed4b8b8f1be3a937
https://urlquery.net/report.php?id=9448730

pol

VirusTotal
https://www.virustotal.com/en/file/3f0e2899a46fcf64ebeaeed764acdc4fd7d49b75e4fd865c3f6caaeb53e88802/analysis/1392511177/

You are a responsible bloke, Pondus, and thanks for the detection update :wink:

I already have mailed a report with this thread and sent it to their mail address, to be added to detection.
AVG has this malcode covered

JS/HiddenLink is a new family we’ve created for injections such as these.
In the past, similar scripts were identified as JS/Redir.
and
The purpose of this script is to hide the link which follows after dnnViewSate function.
Please note that the function name varies.

So avast! should protect us also against this malscript injection.
Unless the script may not be running, because of a bug, it is dangerous enough to leave it undetected!

polonus

Joomla malcode in modules/mod_AutsonSlideShow/tmpl/default.php - code there should be removed entirely!

Another question where avast! detection specialists may come in and give an answer.

Is this real SEO spam malcode?

or is it the developer of Autsonslideshow (often used in templates, especially with a slideshow…) trying to get more backlinks to his own site
. Abuse in a strict sense, but is this as serious as we are left to believe by AVG.
(info and quote credits go to Gahan Zwart on MijnJoomla)

polonus

Detection is correct according to Norman lab, they added detection

wxw.detroitmedia.com.htm: HiddenLink.A code_sample.txt: HiddenLink.B

Hi Pondus,

Thanks for detection of these hidden parasites, use Google here: http://www.unmaskparasites.com/security-tools/find-hidden-links/

pol