Web blocked by avast.

Avast Free Antivirus / Premium Security
1

I could tell if it is a FP ? hxxp//xhamster.com → infected html-iframe-inf

Avast is the only antivirus that blocks and web administrators tell me that is clean.

Thank you.

2

Wepawet
http://wepawet.iseclab.org/view.php?hash=a10dc72b7c3f09f8c634313642ffb8fb&t=1320537347&type=js

there are redirect mentioned at the bottom of the report ?

3

Hi Pondus,

For the redirect
See: http://www.urlvoid.com/scan/feeds.videosz.com
Given safe here: http://urlquery.net/report.php?id=7469
But this link is given as dangerous: http://www.urlvoid.com/scan/syndication.exoclick.com
But the resirect here isn’t active: http://urlquery.net/report.php?id=7470
request not found on the RomPager server!
But was there
cnt2.xhamster.com/cnt.php?rf=&srv=m11
cnt2.xhamster.com/cnt.php?rf=&srv=m7 according to the Snort urllist of 2011-06-23

polonus

4

This was a FP and has been fixed meanwhile. :wink:

5

It was a false alarm … fixed.

On strawberry drawn :+)

On the German forum thread already man was puzzled)
http://forum.avast.com/index.php?topic=87824.0

6

+1 :slight_smile:

disorder … such sites can not be false to. ;D

7

Hi Asyn,

OK, FP, so water under the bridge, and fixed because the malcode is no longer up and active, but the vulnerability is still existing.
So blacklist data became dirt, because the malcode source was taken down probably, but an sich the site stays vulnerable to further attacks, I checked code through malzilla,

polonus

8

On such sites, and only catch Win32:Ransom (Winlock), and AutoSandbox actually does not respond to Winlocks, I would like to let the developers as it did before.

Good luck.

9

Hi Dim@rik,

They sure miss a labs snort analyst for that particular Ukranian site. But they are not the only ignorants. Good we know better,

polonus

10

;D 8) :stuck_out_tongue: