Author Topic: avast! web shield has blocked a threat  (Read 2515 times)

Offline alghorabaaa

  • Full Member
  • ***
  • Posts: 131
  • Gender: Male
    • Personal Message (Offline)
avast! web shield has blocked a threat
« on: March 13, 2010, 11:30:47 AM »
Hi,

I can't access to ( Princess Juliana International Airport ) website ...

http://www.pjiae.com/

avast give me this warning :

Infection : HTML:Iframe-inf
Action : Connection aborted
« Last Edit: March 13, 2010, 11:37:28 AM by alghorabaaa »
AMD Athlon™ X2 Dual-Core 6000+ / Windows 7 Home Premium 64bit / 4 GB RAM / 800 GB HD / avast! PRO Antivirus v7.0.1407

Windows XP Professional 32bit - SP3 / 2.5 GB RAM / 80 GB HD / avast! PRO Antivirus v7.0.1407

Offline Shiw Liang

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1420
  • Gender: Male
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #1 on: March 13, 2010, 11:46:24 AM »

Offline Pedro Hin

  • Jr. Member
  • **
  • Posts: 64
  • Gender: Male
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #2 on: March 13, 2010, 12:02:28 PM »
The iframe is pointing to hxxp://auto-stats.info/eng/in.cgi?2 ; a domain that was created just a week ago.

It looks like the domain is already unreachable. Maybe the company hosting auto-stats.info has already pulled the plug on whatever was lurking behind that link.

Since the iframe tag has dimensions of width=0 height=0 border=0 , my guess is that there was a malicious PDF hiding in there
Intel Centrino 1.8GHz single core, 1.5GB memory, 80GB IDE, Windows XP Pro SP3, IE-8, Firefox 3.6.x, Malwarebytes Pro, avast! Internet Security

Offline Shiw Liang

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1420
  • Gender: Male
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #3 on: March 13, 2010, 12:11:19 PM »
Yup proving that WOT is still not that useful also ~_^

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #4 on: March 13, 2010, 03:38:36 PM »
WOT isn't an antivirus which checks in real time for infection, so its purpose/use is completely different.

The site does appear to have been hacked and avast isn't alone in detecting this, though there are very few AVs looking for this type of infection much less detect it, see VT Results.
http://www.virustotal.com/analisis/fb4c3e8c03313745e3371ee3d16544943e6ee833c2fa6d36c86f20b66bafff97-1268498022

The inserted hidden iframe after the opening Body tag is the culprit and avast also blocks access to that site as it is considered malicious, see image.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline sss

  • Newbie
  • *
  • Posts: 17
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #5 on: March 14, 2010, 07:09:12 AM »
Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast's engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here. 

 

Offline alghorabaaa

  • Full Member
  • ***
  • Posts: 131
  • Gender: Male
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #6 on: March 14, 2010, 09:20:12 AM »
Thank you all !
AMD Athlon™ X2 Dual-Core 6000+ / Windows 7 Home Premium 64bit / 4 GB RAM / 800 GB HD / avast! PRO Antivirus v7.0.1407

Windows XP Professional 32bit - SP3 / 2.5 GB RAM / 80 GB HD / avast! PRO Antivirus v7.0.1407

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: avast! web shield has blocked a threat
« Reply #7 on: March 14, 2010, 12:21:16 PM »
Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast's engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here. 

You're welcome.

I think that there are others that detect this, but in this instance the actual inserted iframe looks innocuous with just a single line but I believe avast comes into its own by not only having the web shield but also the network shields malicious sites list.

I don't know if in the case of iframe tags like this the web shield also checks the link against the malicious sites list. Suffice to say the web shield has a very good detection and accuracy rate on this type of thing.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now