Sucuri missed this detection completely

See: http://killmalware.com/howimet.ru/ malware found.
Given as suspicious: http://zulu.zscaler.com/submission/show/acfa6e3b15fac613dfd02643dc53dad7-1415193073
iFrame Check: Suspicious

htxp://howimet.ru/news.php’
htxp://www.howimet.ru/bn/index.php’

JavaScript check: Suspicious


.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("marketgidscriptrootc56464");}var dv=iw[ce]('div');dv.id="mg_id...

Included scripts: Suspect - please check list for unknown includes

Suspicious Script:
htxp://kinoshechka.com/bootstrap/js/code2.js
.ru/handler.php?id=6966"></script>‘); }
Suspicious Script:
htxp://www.directadvert.ru/show.cgi?adp=23356&div=div_da_23356
.ru/news/js/info.min.js?t=1415193178"; document.getelementsbytagname(“head”)[0].appendchild(newscript); __da_info_lo
Suspicious Script:
htxp://recreativ.ru/rcode.f95ec0a3b3.js
.ru/images/rec.png’) no-repeat;float:right;overflow:hidden} .rc-link:hover {background-position: left -17px;}"; e.setattribute(“type”,"tex

DOM XSS Vuln: Results from scanning URL: htxp://www.howimet.ru/guest.php
Number of sources found: 6
Number of sinks found: 140
Results from scanning URL: htxp://recreativ.ru/rcode.f95ec0a3b3.js
Number of sources found: 4
Number of sinks found: 3

Code link to http://labs.sucuri.net/?details=counter.yadro dot ru Adware Pop-ups etc. → http://labs.sucuri.net/?details=counter.yadro.ru
Cleansing instructions: http://blog.yoocare.com/counter-yadro-ru-popup-ads-removal-guide/

pol