trojan exploit? malware? cam4

[jmhugh02]

I am a user of cam4.com (I know, I know  ) and recently it seems that my browser gets hijacked to a dummy site. It has the same name, but it is obviously not the site.

I have ran Avast Pro AV and the Sandbox function doesn't appear to work. I try to launch the process virtualization as written, but it never comes through.

This is what comes up when I look up the elements of the page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<!-- turing_cluster_prod -->
<html>
  <head>
    <title>cam4.com</title>
    <meta name="keywords" content="cam4.com">
    <meta name="description" content="cam4.com">
    <meta name="robots" content="INDEX, FOLLOW">
    <meta name="revisit-after" content="10">

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
    <frame src="http://searchportal.information.com?epl=01310006VGsLXARUBwxVAEQHVwgHWg9aB1oGCFQADAEbW1dZFwJaWz1KXANWRgRCX0VMFlsCUwJSBlANBVFZE1xLZ1leB1xYBwUJQ1JXAlUSF2cACFAOUA9ZBAhQGwhFGVxdUl0EQVE" name="cam4.com">
  </frameset>
  <noframes>
   <body>
    <a href="http://searchportal.information.com?epl=01310006VGsLXARUBwxVAEQHVwgHWg9aB1oGCFQADAEbW1dZFwJaWz1KXANWRgRCX0VMFlsCUwJSBlANBVFZE1xLZ1leB1xYBwUJQ1JXAlUSF2cACFAOUA9ZBAhQGwhFGVxdUl0EQVE">
      Click here to go to cam4.com </a>.
   </body>
  </noframes>
</html>

[yahtzee]

haha yea i used some lso finder on firefox n it said that it found 19 lso's in like 5 minutes... i dk that site is dope but idk if its worth it

[spg SCOTT]

Quite possibly the searchportal links, but I am not too sure...it's not too popular.

http://www.mywot.com/en/scorecard/searchportal.information.com

As a side note, could you please de-activate the links, replace http with hXXp.

-Scott-

[AZAJIA]

i have exactly the same,  but with null.com


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<!-- turing_cluster_prod -->
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>null.com</title>
    <meta name="keywords" content="null.com" />
    <meta name="description" content="null.com" />
    <meta name="robots" content="index, follow" />
    <meta name="revisit-after" content="10" />


    <meta name="viewport" content="width=device-width, initial-scale=1.0" />


   
    <script type="text/javascript">
      document.cookie = "jsc=1";
    </script>

  </head>
  <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
    <frame src="http://www.null.com?epl=hg7nViRLA4dbHFgIymMES_BuAV8LCYVTJHfxvwQeUfoDdzYl4l08oCsXPF35wUEBkglk4kN2XQHKh1nupTMNjohxUJgfZUtAqBGTPqmlEYcYcwjqrVXqtEUlVbShs5N7oGgfrlDbEyGOrOgTaEDTNDLBBHmqgTI9AOppNDLIRA11ACCQ3qe_AADgfwVAAECAWwoAAO8W8LVZUyZZQTE2aFpCjQAAAPA" name="null.com">
  </frameset>
  <noframes>
   <body><a href="http://www.null.com?epl=hg7nViRLA4dbHFgIymMES_BuAV8LCYVTJHfxvwQeUfoDdzYl4l08oCsXPF35wUEBkglk4kN2XQHKh1nupTMNjohxUJgfZUtAqBGTPqmlEYcYcwjqrVXqtEUlVbShs5N7oGgfrlDbEyGOrOgTaEDTNDLBBHmqgTI9AOppNDLIRA11ACCQ3qe_AADgfwVAAECAWwoAAO8W8LVZUyZZQTE2aFpCjQAAAPA">Click here to go to null.com</a>.</body>
  </noframes>
</html>

what a shit  is this.   not detected by avast, anti-malware, nod32. 

[Secondmineboy]

AVG detects an Blackhole Exploit Kit there: http://www.avgthreatlabs.com/website-safety-reports/domain/cam4.com/