Author Topic: False Positive at Arashiy.ifensi.com (http://arashiy.ifensi.com/bbs/index.php)  (Read 35623 times)


hihikaren

  • Guest
Avast is detecting the website of Arashiy.ifensi.com (http://arashiy.ifensi.com/bbs/index.php) and states it has found a virus/worm of "Iframe-inf" and offers me the choice of: "Abort connection", so I click it and I cannot continue viewing this website normally. Later, for safety reasons, I performed the standard virus scan for all my local non-removable disks and the result is that no files were infected.
In my Log viewer, there was something in the warning section, and the description is: Sign of "HTML:Iframe-inf" has been found in "http://arashiy.ifensi.com/bbs/index.php " file.
My virus database version is 081219-0 and Avast version is 4.8.1296
Furthermore, I want to say that the website of Arashiy.ifensi.com was viewed by me every day and it was normal in the past except today....before the virus database version 081219-0 update was installed.
Therefore, is it a false positive? Can I continue viewing this Arashiy.ifensi.com website before you reply to me...
Thanks for your kind attention....

From hihikaren
« Last Edit: December 20, 2008, 11:31:55 AM by hihikaren »

Jtaylor83

  • Guest
You need to disable the link by replacing http with hxxp.

LinkScanner says it is infected.

An Invisible IFrame Launcher to be exact. Not FP.

Looks like the BBS section is hacked.

« Last Edit: December 20, 2008, 09:47:20 AM by Jtaylor83 »

hihikaren

  • Guest
Thanks for your help
So what can I do....this website is very important to me .....
This means that if I want to view this website normally again, I must change the link to hxxp://arashiy.ifensi.com/bbs/index.php
Is this virus detection really related to the virus database update?
And I want to know what the harmful effect is when this link is infected (invisible iframe launcher)

Jtaylor83

  • Guest
http://linkscanner.softwaresecuritysolutions.com/knowledgeBase/exploit-invisible-iframe.html

Exploit: Invisible IFrame Launcher

This script is used by malicious iframers to launch exploits.

If you want to visit the site, you should get Mozilla Firefox with NoScript.


kubecj

  • Guest
Yep, there's a frame to a Chinese malware page. You should inform the owners of the web.

I'd like to add that we recently started to monitor our virus stat logs and we're banning such (mostly) Chinese malware distribution pages. Then, suddenly, previously innocent pages may start to report HTML:Script-Inf or HTML:Iframe-Inf, which means just that the page refers to the banned page.
« Last Edit: December 20, 2008, 11:22:14 AM by kubecj »
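
An added example, not part of any post in this thread and not Avast's or LinkScanner's detection logic: a site owner's audit that flags iframes which are invisible or which point at a banned host, the two conditions described above. The blocklist entry, host names and sample page are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical stand-in for a vendor's list of banned distribution hosts.
BANNED_HOSTS = {"malware-distribution.example"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    # True when a width/height attribute is 0 or 1 (e.g. "0", "0px", "1").
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAuditor(HTMLParser):
    # Collects (src, reasons) for every suspicious <iframe> start tag.
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if (_tiny(a.get("width")) or _tiny(a.get("height"))
                or HIDDEN_STYLE.search(a.get("style", ""))):
            reasons.append("invisible")
        if host in BANNED_HOSTS:
            reasons.append("banned-host")
        if reasons:
            self.findings.append((src, reasons))

def audit(html):
    # Return the list of suspicious iframes found in an HTML document.
    parser = IframeAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one injected frame, one normal embed, one visible
# frame that still refers to a banned host.
SAMPLE_PAGE = (
    '<html><body><h1>Forum index</h1>'
    '<iframe src="http://malware-distribution.example/in.htm" width="0" height="0"></iframe>'
    '<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>'
    '<iframe src="http://malware-distribution.example/x" width="300" height="200"></iframe>'
    '</body></html>'
)
```

The third frame is flagged on the host alone, which matches the case where a previously clean page starts reporting a detection only because the page it refers to was banned.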

hihikaren

  • Guest
Thanks for your help...
So what can I do......how can I view this website normally, is that website an innocent page because I cannot inform the owners of the web, will it be fixed in the next virus database...and what is the harmful effect when I still continue to view the website without clicking the button of "abort connection"?

With many thanks
« Last Edit: December 20, 2008, 11:39:03 AM by hihikaren »

kubecj

  • Guest
Heh, it's not a _BUG_ or a _FALSE ALARM_ on avast's side.
That page has a security problem and must be fixed on their side.

The only "user friendly" way is going there with avast turned off and _GETTING INFECTED_

hihikaren

  • Guest
What is the harmful effect when I do this "user friendly" way....
Can I need to amend the setting of the web shield which allows avast to not scan this website??
With many thanks!!
« Last Edit: December 20, 2008, 11:46:43 AM by hihikaren »

kubecj

  • Guest
That depends on many factors:

If you use a low grade browser (MSIE), what your patching level is, if you're running as administrator, if you're using outdated apps with security holes etc.

I'd consider it extremely unwise to risk that, can't think of any importance of going to such a site.

hihikaren

  • Guest
Thanks for your advice...
Can I need to amend the setting of the web shield which allows avast to not scan this website??
And may it be that in future the problem will be solved when the website has fixed their problem??

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89021
  • No support PMs thanks
This is not a problem with avast, that page is infected and it is likely that many other pages are also infected on that bbs so the owner needs to clean it out.

No site is worth risking infection just to visit it, if your system is infected you could suffer a much worse fate than not being able to visit that site.

I think kubecj perhaps gave you too much information about links to other suspect sites because you are misinterpreting this as the only reason for the detection is because of that and that isn't correct. The page itself is infected and not just possibly links on it leading to known infection locations.

You would have to ask why there are links on that site leading to known malware sites, is this on purpose by the owner or is it because the site has been hacked.

Of course you could stop avast scanning the site in the Exceptions tab of the web shields Customize, but that would be absolutely crazy. You should report this to the site owner.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

hihikaren

  • Guest
Yes....You are right...the website was really infected, which was announced by the website owner, and the website forum is closed now until further announcement....sorry for my misinterpretation....and thanks for your help and advice again!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89021
  • No support PMs thanks
You're welcome.

The hacking of a site like this (a forum) is often down to outdated PHP software.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Hi hihikaren and DavidR,

We have seen an increase of webforums being malware infected recently, and this trend is going up.
There certainly is some need to check the links before one clicks, where I think in the line of searching through scandoo.com, installing WOT or finjan, and minimizing the risk by surfing with normal user rights or scripts disabled by default as in Firefox with the NoScript extension enabled. If more users acted this way we would see less of these issues here as also the number of browser vector attacks is rising,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

YoKenny

  • Guest
That review pic is so small an ant probably would have a challenge understanding it.