Suspicious iFrame on site...we have protection!

See: http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fhnyechun.com
Website Virus Tracker classification: hnyechun dot com,124.173.105.107,ns1.cnolnic dot net,Parked/expired,

2 suspicious files according to Quttera’s:
/index.asp
Severity: Suspicious
Reason: Detected hidden reference to external web resource. [What’s this?]
Details: Detected hidden iframe tag to ‘3721job.net’ iFrame-WI
Offset: 8671
Threat dump: View code on http://jsunpack.jeek.org/?report=f7f8bc9fd64d73a10cd08247296d878b4fa23fc6
File size[byte]: 8755
File type: ASCII
MD5: 39E34E6BB3C7A1238915B7B7E203D450
Scan duration[sec]: 0.029000

&

/index.html
Severity: Suspicious
Reason: Detected hidden reference to external web resource. [What’s this?]
Details: Detected hidden iframe tag to ‘3721job.net’ iFrame-WI
Offset: 8671
Threat dump: View code on: http://jsunpack.jeek.org/?report=f7f8bc9fd64d73a10cd08247296d878b4fa23fc6
File size[byte]: 8755
File type: ASCII
MD5: 39E34E6BB3C7A1238915B7B7E203D450
Scan duration[sec]: 0.022000

avast! Webshield protects us against this malcode by blocking access to HTML:iFrame-BLG[Trj] as for site mentionened |{gzip}.
redirect site is not being blocked!

polonus

There is also a malicious external link going here: htxp://www.0898it.com
No description because of robot.txt Bitdefender Traffic Light blocks site as malicious, and the WOT webrep is here: https://www.mywot.com/en/scorecard/0898it.com?utm_source=addon&utm_content=popup-donuts (High Risk Domain)
Domain classification: wXw.0898it.com,121.197.14.82,Cybercriminals,
Description:
5年来中企在线专注于海南网站建设、网络推广,是拥有最多推广平台、最多客户案例、最多设计和销售客服队伍、最多政府授牌资质的优秀企业。
code hick-up:
wXw.0898it.com/js/jquery.js benign
[nothing detected] (script) wXw.0898it.com/js/jquery.js
status: (referer=wXw.0898it.com/)saved 72328 bytes 6ab320a0421a75731233a3f6ec4f4f906b903dac
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Also suspicious external links found.
See: https://www.virustotal.com/nl/url/83f764c5a93c49da9ee46fc3eebc05b14cea1fcbdc8898e1e7e16620dc4e0fa9/analysis/1390259468/
filescan probably harmless? Given clean here: http://maldb.com/www.0898it.com/
Given as blacklisted and likely compromised here: http://sitecheck.sucuri.net/results/www.0898it.com
Because of sloppy IT-security managment, see:
Asafaweb result, which are flagging various insecurities via this scan: https://asafaweb.com/Scan?Url=www.0898it.com

  1. Internal server error messages exposed externally -

  2. Stack trace information being spread could expose code-level information - extremely dangerous!

  3. Excessive header warning - Info also available to attackers:
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET, UrlRewriter.NET 2.0.0
    X-AspNet-Version: 2.0.50727

  4. Clickjacking Warning

polonus