Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: alghorabaaa on March 13, 2010, 01:30:47 PM

Title: avast! web shield has blocked a threat
Post by: alghorabaaa on March 13, 2010, 01:30:47 PM
Hi,

I can't access to ( Princess Juliana International Airport ) website ...

http://www.pjiae.com/

avast give me this warning :

Infection : HTML:Iframe-inf
Action : Connection aborted
Title: Re: avast! web shield has blocked a threat
Post by: Shiw Liang on March 13, 2010, 01:46:24 PM
Try to see the result of WOT:
http://www.mywot.com/en/scorecard/www.pjiae.com
Title: Re: avast! web shield has blocked a threat
Post by: Pedro Hin on March 13, 2010, 02:02:28 PM
The iframe is pointing to hxxp://auto-stats.info/eng/in.cgi?2 ; a domain that was created just a week ago.

It looks like the domain is already unreachable. Maybe the company hosting auto-stats.info has already pulled the plug on whatever was lurking behind that link.

Since the iframe tag has dimensions of width=0 height=0 border=0 , my guess is that there was a malicious PDF hiding in there
Title: Re: avast! web shield has blocked a threat
Post by: Shiw Liang on March 13, 2010, 02:11:19 PM
Yup proving that WOT is still not that useful also ~_^
Title: Re: avast! web shield has blocked a threat
Post by: DavidR on March 13, 2010, 05:38:36 PM
WOT isn't an antivirus which checks in real time for infection, so its purpose/use is completely different.

The site does appear to have been hacked and avast isn't alone in detecting this, though there are very few AVs looking for this type of infection much less detect it, see VT Results.
http://www.virustotal.com/analisis/fb4c3e8c03313745e3371ee3d16544943e6ee833c2fa6d36c86f20b66bafff97-1268498022 (http://www.virustotal.com/analisis/fb4c3e8c03313745e3371ee3d16544943e6ee833c2fa6d36c86f20b66bafff97-1268498022)

The inserted hidden iframe after the opening Body tag is the culprit and avast also blocks access to that site as it is considered malicious, see image.
Title: Re: avast! web shield has blocked a threat
Post by: sss on March 14, 2010, 09:09:12 AM
Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast's engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here. 

 
Title: Re: avast! web shield has blocked a threat
Post by: alghorabaaa on March 14, 2010, 11:20:12 AM
Thank you all !
Title: Re: avast! web shield has blocked a threat
Post by: DavidR on March 14, 2010, 02:21:16 PM
Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast's engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here. 

You're welcome.

I think that there are others that detect this, but in this instance the actual inserted iframe looks innocuous with just a single line but I believe avast comes into its own by not only having the web shield but also the network shields malicious sites list.

I don't know if in the case of iframe tags like this the web shield also checks the link against the malicious sites list. Suffice to say the web shield has a very good detection and accuracy rate on this type of thing.