Author Topic: Encounter with "HTML:Iframe-inf" virus alert on Website  (Read 29533 times)

0 Members and 1 Guest are viewing this topic.

Shalimar

  • Guest
Encounter with "HTML:Iframe-inf" virus alert on Website
« on: March 29, 2009, 01:10:01 PM »
Hi...I'm trying to view viewmy.tv for the first time and while investigating the website before jumping into it, when I clicked on a category at the top of their website called "blog", my Avast! sounded an alert informing me a virus had been detected but gave me the option to abort connection, and I did.  I chose to try another page called "next blog", and it was all right.

I contacted the website and asked if they indeed had a virus on that page or if perhaps my Avast! was picking up something it shouldn't.

In the meantime, do you know if I should worry about this?  Could it be a mistake by Avast?  I will not enter that page until I discover the answer.

This is what Avast says:
       FILE NAME:             http://www.brandstation.tv/widgets/bslister/
       MALWARE NAME:      HTML:Iframe-inf

Hopefully, this information is all that you need to know for now...if not, please advise!  Any assistance will be much appreciated...thank you!
« Last Edit: March 29, 2009, 06:12:00 PM by Shalimar »

Shalimar

  • Guest
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #1 on: March 29, 2009, 01:31:30 PM »
PROBLEM "SOLVED"!

ADDENDUM TO MY POST...I just received a response from viewmy.tv and was informed that he has now removed the Iframes from the first page of "blogs" ... that there was no virus, and that he has informed Avast!  He asked me to check it out, again...I did and this time all is well.

Please forgive me for using up space here that - as it turns out - was not necessary.  Yet, perhaps what has happened to me might be of "some" benefit to others...by contacting the website involved and hoping to receive a reply (as long as the reply can be trusted, I guess).

Again, "PROBLEM SOLVED"!!!



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
There are many sites being hacked by inserting iFrame tags that point to malicious sites, and avast has been very hot on this method of attack as can be seen in these forums. There have been very, very, few that turn out to be no virus.

The problem isn't solved as that page link you gave still alerts and there is a hidden iframe tag after the closing /html tag a standards no, no, so highly suspicious that it may have been hacked considering as you say, they removed the iframes (it's back, see image)

The url it is pointing at appears to be trying to look like google but it isn't goooogleadsence.biz and a google search indicates it in other hidden iframe attacks. So it site is most certainly hacked.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Shalimar

  • Guest
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #3 on: March 29, 2009, 06:58:28 PM »
TO: DAVIDR...

Thank you for responding to my post.  I went back to the website, but my Avast did not sound an alert when I linked to the "blog" links.  When I linked to the blog that said "Next Blog", I see that the web page does NOT belong there, but quite frankly, I don't recall seeing that page, so perhaps I only linked to the "SEARCH THIS BLOG" link instead during my first visit!

This was what happened the first time...
I went to "viewmy.tv", and directly underneath its logo (top left corner of page) are the following website links:  LOGIN...REGISTER...ABOUT US...FORUMS...BLOG (and it was this "BLOG" that set off the Avast alarm)  So, that particular "BLOG" link was fixed, according to my email from "viewmy.tv", and the response was as follows:
"There is no virus, the alert happens cause of an iframe that gets a list of scrolling sites from www.brandstation.tv  I have remove those iframes now from the first page of the blogs, has the alert gone now? I have also contacted avast, thanks."

Are you saying that the first page "BLOG" link is still not correct?   OR...are you referring to the 2nd page "Next Blog" that definitely takes you out of their website (which, of course, should not be there)?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #4 on: March 29, 2009, 07:17:34 PM »
I'm referring to the URL you posted in relation to the alert.

You only have to copy the URL you posted earlier into your address bar and connect to it to see that it is still there, see image.

So regardless of what they say it hasn't gone.

Give them the link to this topic so they can see where the problem lies.
« Last Edit: March 29, 2009, 07:20:52 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Shalimar

  • Guest
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #5 on: March 29, 2009, 08:20:15 PM »
Hi, DAVIDR...

Do you know why I'm not getting that very same alert any longer?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #6 on: March 29, 2009, 08:34:39 PM »
Are you cutting and pasting the url that you posted in your first post ?

Did you disable the web shield or add the site to the exclusions ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33935
  • malware fighter
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #7 on: March 29, 2009, 08:42:52 PM »
Hi Shalimar and DavidR,

I checked this:
(Level: 1) Url checked: (iframe source)
hxxp://goooogleadsence.biz/?click=73af3
Blank page / could not connect

Probably that is why, and what I found when using Jutakys Bad Stuff Detektor,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #8 on: March 29, 2009, 08:50:07 PM »
No, that isn't why, avast isn't trying to connect to that url it is detecting the hidden iframe in that url below.

The detection isn't found as the alert is on the hXXp://www.brandstation.tv/widgets/bslister/ (edit it is still alerting on this url) so the fact the target page of the iframe can't be found is irrelevant. It was never mentioned in the alert and is only mentioned here because I found it in the hidden iframe tag and posted the image.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Shalimar

  • Guest
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #9 on: March 29, 2009, 08:56:03 PM »
TO DAVIDR...

I typed the URL in the address, but perhaps you wanted me to paste it instead?
Plus...I did nothing else to my system...I still have NoScript running as I did previously, but I changed nothing.

TO polonus...I really don't know what you said (sorry!!).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #10 on: March 29, 2009, 09:27:22 PM »
I would suggest you copy and paste, but what you might not have noticed was the subtle change in the URL the HTTP is changed to HXXP, this is done to avoid the link being active (avoids accidental exposure) and you would have to change the XX back to tt.

The NoScript would make no difference to avast actually detecting this, what it would do if you had iframes disabled in noscript (not a default setting) it would stop the iframe executing.
« Last Edit: March 29, 2009, 09:29:16 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

pwoodford

  • Guest
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #11 on: March 29, 2009, 09:35:38 PM »
Hello All.

I'm the CTO of viewmy.tv and I'd like to offer clarity on this issue !

The "blog" link on www.viewmy.tv goes to a separate website (www.viewmyblog.tv) using www.blogger.com (e.g. free blog publishing tool from Google).

It was brought to our attention today by Shalimar (thank you) that the Avast application was alerting users of a potential virus on our blog site.

Well, there was NO VIRUS, the Avast application was causing the alert due to an iframe that displayed information from another domain. (e.g. from one of our other domains)... that is exactly what iframes are allowed to do!
Reference: http://en.wikipedia.org/wiki/IFrame

However because some our our users may be using Avast, we have now removed the blog posts where the iframe code was being used.

We have also contacted Avast to suggest that "just because a webpage uses an iframe with contents from another domain, it doesn't mean there is a virus on that site"!!

Yes we are well aware that there can be cross domain scripting issues but that was not the case! We do take all potential virus threats very seriously.

Thank you all for your input.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #12 on: March 29, 2009, 09:42:43 PM »
Well what about the fact that the iframe is a) hidden, b) outside the closing html tag (often the case in iframe injection) and c) the domain referenced in the iframe tag is the subject of many hidden iframe injection reports.

I don't know where exactly you were looking but it is on the default/index page of this URL, hXXp://www.brandstation.tv/widgets/bslister/ which doesn't appear to be on the viewmyblog domain that you mention.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

pwoodford

  • Guest
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #13 on: March 29, 2009, 11:31:17 PM »
Hi DavidR,
Ok after further investigation i see that there was an error with the code at:
http://www.brandstation.tv/widgets/bslister/

That code has now been changed, uploaded and patched.

Thank you again, Peter

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Encounter with "HTML:Iframe-inf" virus alert on Website
« Reply #14 on: March 29, 2009, 11:37:17 PM »
You're welcome, no detection now on that page.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security