Hi,

I believe the URL hxxp://www.rockingthedaisies.com/ is a False Positive.

It is detected by the Webshield.

This is a popular music festival here in South Africa and the web-page contains important info about the event.

Regards,
Hellion

I believe the URL hxxp://wxw.rockingthedaisies.com/ is a False Positive.

Sucuri say infected, see attached screen shot (click to enlarge)

sucuri malware info:

Malware entry: MW:JS:ANON7 http://sucuri.net/malware/malware-entry-mwjsanon7
Malware entry: MW:JS:67473 http://sucuri.net/malware/malware-entry-mwjs67473

WordPress Sites Hacked with Superpuperdomain dot com (Attacking Timthumb.php)
http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain-com-attacking-timthumb-php.html

It’s not that I don’t believe Avast, I just did not expect a popular Music festival Web-page to have malicious code in it.

Perhaps it was injected and Web-server Admin is an Idiot.

Thanks for the Check Pondus.

Regards,
Hellion

Good old superpuperdomain…not the first, and won’t be the last…

Not necessarily an idiot…just is unaware

Please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks.

Just for info, Virustotal: http://www.virustotal.com/file-scan/report.html?id=65740022ddcf555cdd3dc8fca914d55c7a2391bbccb3c7f5ffb392c4c8cf1f62-1314871393

It's not that I don't believe Avast, I just did not expect a popular Music festival Web-page to have malicious code in it.

Hi SPG Scott,

I have altered the URL as you specified.

Interesting that only 5/44 on virus-total picks it up.

@Pondus,

That is true.

Regards,
hellion

– SUPERDOMAIN/WORDPRESS EXPLOIT

• Also see http://blog.sucuri.net/2011/08/update-to-the-superpuperdomain2-com-malware.html, although this is about superdomain2.com it is the same issue.

the malware infection that has been affecting thousands of WordPress sites with the vulnerable timthumb.php script