Trojan-GameThief.Win32.OnLineGames (Sig-Id:1492814) alerted by avast Webshield

The avast webshield is becoming avast’s most valuable protection feature i.m.o.

See Wepawet report: http://wepawet.iseclab.org/view.php?hash=93f2fc2b06e5eb4e98b77481bc285401&t=1303656443&type=js
See accompanying Anubis report: http://anubis.iseclab.org/?action=result&task_id=13d166abcb61dcd045110b94c742e5f35
VT report: http://www.virustotal.com/url-scan/report.html?id=93f2fc2b06e5eb4e98b77481bc285401-1303648944
See: http://www.garyshood.com/virus/results.php?r=9fccb7d04f368396bd2110b108913d8d
AntiVir: ALERT: [HTML/Infected.WebPage.Gen] index.htm
Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
&
Clamav
index.htm: Exploit.Iframe-1 FOUND
Malicious Javascript Heap Spray Generic found (reported since Febr. 21st of this year).
Is this found by avast? Because it is not yet reported at vicheck.ca…
Yes, folks, the Avast Web Shield detects this exploit as JS:Agent-BM[Expl] and the exploit is being blocked -
htxp://jsunpack.jeek.org/dec/go?report=7a8cfdd53d43af315580d6c284e2d3437dd03366
So do not visit above-mentioned link, avast will block the exploit -
jsunpack only to be visited by the security aware, sandboxed and with ample script protection.

polonus

I have felt this to be the case for quite some time (not just becoming); from 5.x it has been very effective and crucially very accurate with few FPs.

So when people speak of using an add-on or function, so all their browsing is done using https connections, I think they are foolish as the web shield isn’t scanning that traffic.

http://online.us.drweb.com/cache/?i=b27ed61196e1a1ad8c1da546da261136

@DavidR,

You are right. Users should have the shields up and active and not run risks through using https when http gives them additional vital protective scanning.

@Dim@rik
Very good that you reported the DrWeb url scanning report that flagged this exploit there.
I have the DrWeb url scanner add-on in the Mozilla browser, and bookmarked to use inside Google Chrome:
http://online.us.drweb.com/?url=1
I advise our users to add it in Fx: https://addons.mozilla.org/en-us/firefox/addon/drweb-anti-virus-link-checker/
or visit: http://online.us.drweb.com/?url=1
The additional flags through DrWeb’s url scanner can be valuable. I like this extension from “the guys from Petersburg”.

polonus