-= Is this some sort of revenge of the creators of conficker…? Well, its a headache that my website is also affected… Wonder what’s happening in virtual world now…
It’s simple. Everyone were teaching ppl to trust “trusted” webpages only and stay away from new “unknown” ones.
And there is a catch. Ppl don’t expect malware on lets say BBC webpage, when their antivirus catches it there they think it’s a false positive and they are very confused (just look at this subforum).
Some will even disable antivirus thinking it’s just a false positive even though it’s not.
So far avast! has shown an exceptional level of detection of such iframes and other junk so if it’s saythere is a malware, it most probably is (if avast! is alerting on a well known webpage).
Best course of action is to contact webpage administrator or webmaster and report the incident, so they can resolve it as soon as possible. Do not EVER disable antivirus and visit the webpage again!
-= I guess, we cant classify websites as safe & not during these days since the safe ones are starting to get infected one by one…
-= hmm… How is it possible that people can hack such safe websites…?
This usually happens when webpages are running on outdated framework software (the stuff that runs webpages like SQL etc). Mostly through security holes or badly designed webpages.
Hi chronoboi001,
Because security wise the World Wide Web is “broken”. The reasons for this are two-fold, users are not security aware. How many normal users aren’t even interested in security or do not bother, because it is a nuisance, and cruise the Internet without a firewall, without any form of anti-malware, more-over only a tiny majority of users have the Operational System (Windows for instance) and third party programs updated to the latest versions and fully patched. A sort of similar situation is found with a lot of developers and webmasters, server admins etc. And the attentive malcreant and average cybercriminal uses a year old vulnerability and ruins the security of Internet further.
Now so-called reputation link checkers do not help much, only those that do real life scanning and then not only for the local domain(s) but also for the malicious re-directs. So the security the normal user relies on, does not work in these cases, well more often not than it does.
What is at the crux of the matter and where can we protect our browsers, because these attack vectors attack the user of the browser. Use in-browser security, like blocking these scripts from running with NoScript extension, you have to get accustomed to using it, but you learn that quite easily, use an extension like RequestPolicy, where you can block just these malicious requests by the browser.
And you are protected by avast shields, that alert when it finds traces of these injections or obfuscations often found on these hacked sites. Another complication is that a site could have been clean once, get infested for some time, is clean the other day. Old protection do not work here, iFrame hacks serve rogue AV to the unaware users, and this means there is enormous money involved here.
So who have to clean up their act - the user that does not want to learn and clicks, and the owner of the site that is hacked that has no proper security installed. But the final line is we have to get used to a complete newe situation, in days of old mails could mean danger, then dark alley sites, now the danger can lure from everywhere on the Web,
polonus
-= Whoa… The virtual world sure is really dangerous since then…
-= By the way… Do I have to use NoScript if Avast’s Script Blocker is enabled…? Will there be any conflicts…?
Because security wise the World Wide Web is "broken".
Mainly its because the World Wide Web commonly called the Internet has become affordable to the masses and anyone with a computer and a connection to the outside world like a phone or cable TV can get connected for an affordable price.
New users just want to plug the thing in turn it on and read their email then look around for whatever is Free to download not undestanding that Free stuff could loaded with all maner of nasty stuff that can be as simple as adware to password and account information stealing trojans.
I use Web of Trust (WoT) in my browser as an indication as to a site’s reputation and Common Sense to not download codecs for videos that claim they are needed to view additional information.