I agree with you, but the redirect is dead now. Try and check if -vnpokers.net is up,
so I agree with you and Sucuri that the site is still vulnerable to that malware attack, but it is not actually infecting. Can you confirm that? Sucuri should cleanse out their daily dirt, and this seems to be part of it: a malware redirect that is dead and no longer up is water under the bridge.
The fact that the remote source isn’t active is no guarantee that it won’t become active. The simple insertion of the iframe is the infection/exploit not the payload at the remote source.
That is why in the past all I do is confirm that the hack/exploit is in place (so the alert on that site by avast is correct and has to be addressed by them) and don’t care what payload is present (or not) at the remote location.
If the vnpokers domain is in the network shield malicious sites list that too should alert over and above the possibility the web shield alerts on the inserted iframe. The actual payload isn’t analysed, I think there is something about this for avast7 that this remote payload would be checked.
How this will be done is the thing, possibly via cloud to pass link to remote source for analysis as this is likely to improve detection on the remote content, should it ever arrive on your system. Since much of this is likely to be driveby/rogue security stuff that is ever changing, this should improve detections in this category of malware.
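An added illustration of the point made above (example code, not from the thread or from any vendor): a defender-side check that flags hidden, off-site iframes in a page's HTML purely from the markup, so an injected redirect is still reported when its remote host is dead. The sample HTML and the `payload.invalid` domain are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate embed and one injected hidden iframe.
# The remote domain is a placeholder; nothing is ever fetched from it.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="https://cdn.example.org/widget" width="300" height="200"></iframe>
<iframe src="http://payload.invalid/in.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in the document."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})

def is_hidden(attrs):
    """Zero/one-pixel frames or CSS-hidden frames are the usual injection shape."""
    def tiny(v):
        return v.strip().rstrip("px") in ("0", "1")
    return (tiny(attrs.get("width", "")) and tiny(attrs.get("height", ""))) \
        or bool(HIDDEN_STYLE.search(attrs.get("style", "")))

def find_suspicious_iframes(html, site_host):
    """Return src values of hidden iframes loading content from another host.
    Only the markup is inspected; the remote host is never contacted, so a
    dead redirect target is reported exactly like a live one."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or site_host  # relative src = same host
        if host != site_host and is_hidden(attrs):
            hits.append(src)
    return hits

if __name__ == "__main__":
    for src in find_suspicious_iframes(SAMPLE_HTML, "www.example.com"):
        print("hidden off-site iframe still present:", src)
```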
Agree that a site that has been compromised in this way is suspicious and could become malicious again through re-infection or through the same or other miscreants. So the first priority is to flag it, and the Mal_Hifrm should be removed and the software exploit through which the malware could be installed should be patched.
So you agree that a site being flagged for a redirect to malware that has been taken down should still be flagged or blacklisted until the suspicious code has been completely removed?
Yes, until that iframe (and/or any other insertions) is removed and the exploit cleared, it is still compromised and at risk of infecting unsuspecting users.