Harmless site is marked as malicious

[xochoa]

Hi

First of all don't know if this is the correct place, if not, please drive me to the right place.

Heres the problem, this site, gusanito.com is being marked as a malicious site but it isn't, you can take a look over these links to be sure:

http://www.google.com/safebrowsing/diagnostic?site=www.gusanito.com
http://hosts-file.net/?s=gusanito.com&x=24&y=10
http://www.avgthreatlabs.com/sitereports/domain/?domain=http%3A%2F%2Fwww.gusanito.com&check=
http://linkscanner.explabs.com/linkscanner/checksite.aspx?NS=ChkOnly&SRC=apps.explabs.com&CS=http://www.gusanito.com

All sites above mark the site as a safe site, the "virus", that avast marked as a malicious site is an add campaign that uses javascript command document.write, see http://cl.ly/d45d0adf2932c70b5de7

Thanks in advance,
-Alberto

[Yanto.Chiang]

Hi Xochoa,

Welcome to avast forum,

Your referenced site is safe :

http://scanner2.novirusthanks.org/analysis/41af588f6ecb0d8530d7f1dc6d0a6833/ZXNw/
http://www.virustotal.com/url-scan/report.html?id=192400f1071c3eb3e601e8b618248b4f-1288421126

And avast also not detect any harmful script or malicious software inside there.

cheers,

[DavidR]

Avast is alerting (firefox 3.6.12), see image1 and it is because it is loading a large obfuscated/compressed file (see image2 small extract of file content), this is what is being called script injection I believe.

Whilst this is effectively only avast detecting this, http://www.virustotal.com/file-scan/report.html?id=d7dbe9a390bfe1f4f7448645597a90cd32bcd4c64e00b731c3d5ca8dcdee2b4a-1288965942, the question has to be why is this compressed obfuscated script being loaded.