Good digging deeper, Pondus, we’ll get there. Now pay attention…

Look here for web rep: http://www.webutation.net/go/review/ads.mmania.com

Well Norman detects both, the JS-includer:BI & the Worm.VBS.awl…

See where it is being detected: http://evuln.com/tools/malware-scanner/collabaz.super-red.es/

htxp://ads.mmania.com/displaycf2.js.php?r=6504af09&cc=es
200 OK
Content-Length: 2747
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 1x1 style: hidden
src: htxp://ftec-adselect-01.falktec.com/select?type=ifr&plc=15