Site hack aka TR/Script.77 detected by avast, so you are being protected!

Proof of this here: http://vscan.urlvoid.com/analysis/dc7b2fd7417f4ea1917ac8b7284fecba/YTEtdHh0/
Not many flag it here: https://new.virustotal.com/url/33f24e5c2b4a27b5bbfde86dffcc8b5ca63bb04ebe1f4d789ee0d745d0caaa3c/analysis/1325972105/
See: -http://jsunpack.jeek.org/?report=5cf2e015699c474b71261c2f052ff8b66195099c
visit above jsunpack-link only if security savvy, with ample script protection and in a VM,
Siteinspector has it as a high risk page here: http://siteinspector.comodo.com/public/reports/88826
The page is both blocked by Bitdefender Traffic Light and M86 Secure browsing extension
We´ll find the hack mentioned in -http://www.placeoweb.com/hack/php/
Also see why it was blacklisted - http://tools.sucuri.net/?page=tools&title=blacklist&detail=803edcd3d2e8b2bb63388a6b2938ac0e

polonus

VirusTotal
https://new.virustotal.com/file/608d00cd945efcc2c71ce8102b4ba806881e1f0d4ad755597c31e0700c75fd1d/analysis/1325973709/

Hi Pondus,

There are two variants, <?php /* ZFxID / etc. and <?php / Fx29ID */etc variety

polonus

2009-08-25 20:58:16 UTC ( 2 years, 4 months ago )
Very outdated file, yet only half detect? ???

What do these scripts actually do? ???

Hi Donovansrb10,

Not much it is just a simple code is just to acknowledge that your website has a security flaw and it is able to execute PHP codes - but using PERL and when that software gets the string it executes php function hack code and now the malcreant that has placed the code is able to get loads of data of the system to create a backdoor to get into the site at will. This attack can also be performed automatically by zombie bots for instance.
Site owners should check their site logs often, check for the date their HTML and PHP files became modified, website owners should not use FTP to access their websites (has no encryption), should not execute commands and open files directly using queries, when using third party scripts they should update these regularly!

polonus

Ah, ok, so it’s just a ‘test file’ made by bots. Explains why there’s nothing in particular in the coding.