Topic: Highly suspicious code on website... [SOLVED]

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Highly suspicious code on website... [SOLVED]
« on: December 31, 2012, 04:56:40 PM »
Found here: https://www.virustotal.com/url/2f6f54491bff066cdc8afdd6dc34530594797ba19287b7938bc2cd25c8be2895/analysis/
See:   plus.google dot com/s/aumentax
File size[byte]:   
177330
Severity:   
Potentially Suspicious
Details:   
Detected hidden reference to external web resource.
Reason:   
Detected generation of hidden DOM element [iframe].
MD5:   
5A873284F2C84DC82884078DC46C3E36
Scan duration[sec]:   
8.308000
/?m=201002
File size[byte]:   
45437
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar984089910 = eval; <code/>
MD5:   
B5ABBD14CCA2BA278FF5A1FC685D39B5
Scan duration[sec]:   
0.151000
/?m=201201
File size[byte]:   
64444
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar101975352 = eval; <code/>
MD5:   
E95F89BA4D29BCF56076E9F72C90CFD4
Scan duration[sec]:   
0.125000
twitter.com/#%21/aumentax2
File size[byte]:   
68261
Severity:   
Potentially Suspicious
Details:   
Detected procedure that is commonly used in suspicious activity.
Reason:   
Too low entropy detected in string '/^[a-z0-9_-------------------------------------------------------------]*[a-z_----------------------' of length 213 which may points to obfuscation or shellcode.  (name that doesn't fit naming conventions defined for its object type, via  pyLint message)
MD5:   
B03D8BB0C791E76CAC095C15387AD908
Scan duration[sec]:   
0.064000
/?m=200906
File size[byte]:   
41117
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1255904747 = eval; <code/>
MD5:   
12E9B826E365599D350EDF41BF9A8BC0
Scan duration[sec]:   
0.120000
/?m=201003
File size[byte]:   
90338
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1727839343 = eval; <code/>
MD5:   
8C38117B53F3069EE787A5AD9703FEC2
Scan duration[sec]:   
0.131000
/?m=201203
File size[byte]:   
45813
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar451570725 = eval; <code/>
MD5:   
26724897FB82A5A841BD63E09E5FDF16
Scan duration[sec]:   
0.138000
/?m=200812
File size[byte]:   
41031
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1440197804 = eval; <code/>
MD5:   
9B53489BAF103C65BFDE90CDC8E59B49
Scan duration[sec]:   
0.117000
/?tag=aumento-pecho
File size[byte]:   
73369
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1919785369 = eval; <code/>
MD5:   
02CDE097B93EA5D3FB0BC61BE3EAEEA8
Scan duration[sec]:   
0.147000
/?m=201208
File size[byte]:   
44451
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar306755997 = eval; <code/>
MD5:   
AD9C10CD32687161166FB441E2364E2A
Scan duration[sec]:   
0.115000
/?m=201006
File size[byte]:   
69390
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1505407362 = eval; <code/>
MD5:   
ACE76383FF4E1D3E05B4A50F13295552
Scan duration[sec]:   
0.130000
/?m=201009
File size[byte]:   
44655
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1076042327 = eval; <code/>
MD5:   
582B7C38A7C82C4BCA1885DCCC3396C0
Scan duration[sec]:   
0.129000
/?m=200905
File size[byte]:   
42098
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar188007109 = eval; <code/>
MD5:   
A8032D7B1E4966415D7429BC48587E01
Scan duration[sec]:   
0.159000
/?m=200907
File size[byte]:   
40227
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar571738867 = eval; <code/>
MD5:   
1D4373588BC53057DED41E140942C676
Scan duration[sec]:   
0.138000
/?m=200903
File size[byte]:   
40448
Severity:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1017855753 = eval; <code/>
MD5:   
84578E4267689A0585CF39754ECEB90B
Scan duration[sec]:   
0.118000
Quttera scan data....

polonus
« Last Edit: December 31, 2012, 06:51:35 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Re: Highly suspicious code on website... [SOLVED]
« Reply #1 on: December 31, 2012, 06:33:14 PM »
Avast Webshield detects this object as JS;Iframe-TD[Trj]. We are being protected!
Avast Webshield also detects JS;Redirector-AB[Trj] on that site and blocks it...

polonus
Re: Highly suspicious code on website... [SOLVED]
« Reply #3 on: December 31, 2012, 06:55:53 PM »
Hi Pondus,

Thanks for the evaluation. Good that avast flags and blocks the malware that looks to exploit and abuse vulnerable Adobe on a user's comp when the site is being visited (iFrame malware injection with Blackhole).

polonus
Re: Highly suspicious code on website... [SOLVED]
« Reply #4 on: January 10, 2013, 10:14:40 PM »
Does avast block this also? http://zulu.zscaler.com/submission/show/88435262c0f6ba52b9e2960678cc0d22-1357851368
See: http://quttera.com/detailed_report/www.rcf.fr
Quttera flags /misc/jquery.js?G
Severity:   
Potentially Suspicious
Reason:   
Detected potentially suspicious content.
Details:   
Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar747113010 = eval; <code/>

polonus