Web shield blocks Shoney's website

I went to the Shoney’s website and Avast popped up saying it had blocked something on the website. I am wondering, is this a false positive?

See my signature.
Run several of the scans and post the links to the results here please.

Sucuri https://sitecheck.sucuri.net/results/www.shoneys.com

http://retire.insecurity.today/#!/scan/e874c242f523d88eecef47d116c7ef9e84239cc2c004af0947066cc0ea3fcee7

Header PHP redirect malware…

polonus

I just informed the Shoney’s company on their Facebook page via a message to them.

html scan
https://www.virustotal.com/en/file/48f48b1e869806905ac74127d68e6facf15a8fa3a19cd4a9333e973971ad6f35/analysis/1450452599/
https://www.metascan-online.com/#!/results/file/b0e64b1f418b4d20b9c10999d935b16a/regular

Thanks, Pondus, now we have official confirmation.
Nice to have the final word from VT. :wink:

Damian

So is it a false positive?

It only states that a known way of redirecting has been found, not that it is a false positive per se.
On one detection shared by Avast and GData you could easily come to such a conclusion, but I will only confirm that when the Avast Team states it is an FP indeed. I reckon it is blackhat SEO spam related and could be considered at least suspicious and maybe also malicious, depending on what your criteria for detection are. Moreover, I now get a

Server Redirect / Status

Code: 0,

Content cannot be read! Accept-Encoding: gzip

pol

So is it a false positive?
NO

Message from F-Secure lab confirms Avast is correct … and the Sucuri scan in my first post

The file you sent was found to be malicious.

We will be detecting the sample you submitted as Trojan.HTML.Agent.MB in the next database update.

Avast blocks script of this infection here

http://i.imgur.com/q37gP2L.png

link has error PHP scripts Headers

confirms what Polonus said

https://www.virustotal.com/en/url/104bcbf2ffb35d382b50fa4b43e4557058dcd6ed203cca9384115eff7750af49/analysis/1450465803/

https://sitecheck.sucuri.net/results/kreskoweczka.xorg.pl

I got a reply from Shoney’s on Facebook. They told me they are looking into the issue. I even provided them a screenshot of the Avast alert popup.

You may give them a link to this topic

I gave them a link to this topic and then they just replied telling me “The issue should be resolved” and thanking me for bringing it to their attention :slight_smile:

Seems it is no longer being blocked by Avast.
Cannot see that offending code there anymore.

polonus