Hi
I tried open offical webpage(Slovenian Basketball Association ). but Avast found this.
http://www.shrani.si/t/3g/ji/1mPM4Xbr/avast-ggaa.jpg
hxxp://www.kzs-zveza.si/
Thx and have a nice day.
Hi
I tried open offical webpage(Slovenian Basketball Association ). but Avast found this.
http://www.shrani.si/t/3g/ji/1mPM4Xbr/avast-ggaa.jpg
hxxp://www.kzs-zveza.si/
Thx and have a nice day.
Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.
Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0
Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).
Check here how to cllean and make a website secure.
The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects malicious some scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possible infect his/her machine.And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.
The site has been hacked and the home page only has an iframe tag on it, see image. and this tries to redirect to a malicious site hxxp://xg8.in using a non standard port 8080 (usually used as a proxy, this may be to try and evade http scanners that monitor port 80).
The network shield blocks this if you try to access the xg8.in site directly, as does firefox as its safe browsing function also has it pegged as a malicious/attack site, see image2.
Hi JunihoSlo,
Generally web shield detectionof this nature is correct
See this:
http://www.UnmaskParasites.com/security-report/?page=www.kzs-zveza.si
Why have all those external links hidden? - Suspicious
Also when viewing the source code, there is a hidden Iframe that links to an external and potentally malicous domain (see image)
-Scott-
EDIT:DavidR was quicker, as usual
And I didn’t realise the port redirect…
I did scan with DrWeb Online but everything was fine.
PS:How did you get that little picture?
DrWeb and many other on-line scanners are worthless as they don’t scan for this type of issue, much less able to detect hacked sites in this way. The web Shield however, is all over it like a rash.
Don’t go poking around attempting to get an image of infected code as you could just as easily get infected.
LOL^^
@JuninhoSlo^^
Just leave the investigation to the experts^^
Or u might hurt yourself^^
Same thing that applies for myself though^^
Glad its clarified^^
Conclusion:
Good detection^^
-AnimeLover^^