Malicious site

[avast_junkie]

Hi i'm new here  

I using avast! for almost 3 months and quite satisfied, i'm amazed with the speed of avast. Before that I use norton, kaspersky which makes my pc really slow.
Recently I visited the Indonesian website hxxp:\\www.d60pc.com (quite popular site) this site about freeware and tutorial.
When I visited the site, network shiled detects hxxp:\\www.d60pc.com as a malicious site, with norton or kaspersky, they not detect as malicious site
And i try pause the network shield, avast! showing popup like this


Both Norton & Kaspersky not found anything (tested with other PC)
After that I did a quick scan, but did not find any

Please the experts here can provide me some answer about that site is really dangerous or just false positive.

Thanks before

PS: Sorry for my english  

[Lisandro]

Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?
Maybe you could contact its webmaster.

Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).

Hope Kubecj could check if the site is clean and if it is a false positive.
Welcome to avast forums

[igor]

Network Shield blocks the domain, Web Shield finds a malware in the actual web... that certainly doesn't sound like a false positive.

[Mr.Agent]

Strange result from here

http://wepawet.iseclab.org/view.php?hash=3afc56e4256a0eae396f3b38cfdcb7dc&t=1255189002&type=js

http://www.UnmaskParasites.com/security-report/?page=d60pc.com

He is very vunerable as i can see he didnt update so much his program...

Mr.Agent

[Mr.Agent]

Sorry for double post.

Also look the comments from HP Host http://www.mywot.com/en/scorecard/www.d60pc.com

This sound very strange for me.

[avast_junkie]

Wow
Thx for fast replies, so the conclusion is that is contain malware
Only avast was able to detect it

Thx guys

[nmb]

The main reason for the site to get infected is this : Warning: Old version of WordPress. It may be vulnerable. Please upgrade. you can see on the unmaskparasites webpage, you may ask the webmaster to update to latest version of the software and also change the password.

http://www.UnmaskParasites.com/security-report/?page=d60pc.com

nmb

[Mr.Agent]

Exactly nmb i did also missed up my link of unmasked so i did edit mine. lol.

Still i did it first you are too late

[nmb]

more than the link, I wanted him to know the probable reason for the iframe injection as you can see in my post in bold letters.

nmb

[polonus]

Hi avast_junkie,

While 23,500 new infected Web pages - one every 3.6 seconds - were detected each day during the first 6 months of this year. Read about the reasons of compromised sites here:
http://features.techworld.com/security/3201799/seven-reasons-websites-are-not-secure/?pn=1  and
http://features.techworld.com/security/3201799/seven-reasons-websites-are-not-secure/?pn=2
For the websites the reason is older vulnerable software used by hoster and/or webadmin: PHP, script exploits.
buggy older software. For online browser users not fully updated and patched OS and third party software (check with Secunia PSI).
Also read on Sanitizing code: http://ask.metafilter.com/70682/How-to-Sanitize-HTML-Javascript-Security
A first and only online diff tool: http://utilitymill.com/utility/Text_Diff

polonus

[avast_junkie]

Hi avast_junkie,

While 23,500 new infected Web pages - one every 3.6 seconds - were detected each day during the first 6 months of this year. Read about the reasons of compromised sites here:
http://features.techworld.com/security/3201799/seven-reasons-websites-are-not-secure/?pn=1  and
http://features.techworld.com/security/3201799/seven-reasons-websites-are-not-secure/?pn=2
For the websites the reason is older vulnerable software used by hoster and/or webadmin: PHP, script exploits.
buggy older software. For online browser users not fully updated and patched OS and third party software (check with Secunia PSI).
Also read on Sanitizing code: http://ask.metafilter.com/70682/How-to-Sanitize-HTML-Javascript-Security
A first and only online diff tool: http://utilitymill.com/utility/Text_Diff

polonus

Thanks polonus, thats very clear now
May i ask once again this is a stupid qustion, why another well known AV can't find anything on that site.
How about hxxp://gf.wiretarget.com
http://www.mywot.com/en/scorecard/gf.wiretarget.com
http://www.unmaskparasites.com/security-report/?page=http%3A//gf.wiretarget.com

whether this is the right room for this question? 

[YoKenny]

@avast_junkie

hxxp://gf.wiretarget.com has keygens and should be blocked

Code: [Select]

10/11/2009 4:46:45 AM SYSTEM 1960 Sign of "HTML:RedirBA-inf [Trj]" has been found in "hxxp://74.125.95.132/search?q=cache:Z8G7ndk0ySoJ:gf.wiretarget.com/+gf.wiretarget.com&cd=1&hl=en&ct=clnk&gl=ca\{gzip}" file.  

avast! protects you from infections but if you insist on looking for warez or cracked software then your system will become infected.

I liked Nasi Goreng when I was there:
http://images.google.ca/imgres?imgurl=http://unofficialcook.com/wp-content/uploads/2006/02/NasiGoreng.png&imgrefurl=http://unofficialcook.com/recipes/masakan-indonesia-nasi-goreng/&usg=__blF3WrvHZmJzSAKFgnFpszyu70o=&h=431&w=522&sz=308&hl=en&start=2&um=1&tbnid=aDNFLSvrQUdGsM:&tbnh=108&tbnw=131&prev=/images%3Fq%3Dnasi%2Bgoreng%2Bindonesia%26hl%3Den%26sa%3DX%26um%3D1

[avast_junkie]

Nasi goreng i love it too 
Sorry off topic