Website has malicious javacode in URL...

Good afternoon everyone,

 Just a note that I came across a post in another forum which alerted readers to malicious javacode in the URL of the website, ushmm(dot)org.  This site is for the United States Holocaust Museum.  The [b]Securi [/b]  report shown at the link below appears to confirm this problem ("hxxp" has been substituted for "http"):

hxxp://sitecheck.sucuri.net/results/ushmm.org

According to the report, the javacode inserts a Phoenix exploit.

Thank you for your time and review.

rescan say clean http://sitecheck.sucuri.net/scanner/

Thanks very much for the update, Pondus!

I know one of the Moderators on the site where I saw this alert indicated he was going to notify the IT staff at the museum about the issue. Looks like they got the word and must have corrected the problem.

seems avast is the only detecting that code
http://virusscan.jotti.org/en/scanresult/fa8b4fd7b160efcfe19436ef89059988657a0527
https://www.virustotal.com/file/ecc7287775a51c1198c953bc0e2e6e2f471163ab3a46ae1f0aa311b427b2d9a0/analysis/

First seen by VirusTotal - 2012-03-27 21:00:33 UTC ( 4 minutter ago )

urlQuery - suspicious
http://urlquery.net/report.php?id=35561

Does that indicate there is still an issue with that website, Pondus?

Hi spc3rd & Pondus,

Bright Cloud gives it a suspicious with index yellow 39 meaning there is a higher than average probability that the user will be exposed to malicious links or payloads. So there certainly was a vulnerability there that was abused.
Good avast flagged it for what it was.
Sucuri is not flagging it any longer here: hxtp://sitecheck.sucuri.net/results/http://ushmm.org/
so they apparently did some cleanse-up.
If it has/had malware at any time then that was a shame really, because it is a Norton secured site, re: htxp://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.ushmm.org%2F
At least that protection failed them once big time then…good we have avast!

polonus

Hi Polonus!

  I appreciate the added info!  This detection is certainly a credit to Avast!   :)

Best regards,