Author Topic: False Positive? (Read 2970 times)

Rowie · « **on:** January 07, 2010, 11:04:18 PM »

I've attached an image of a warning I get when I go to westbrom.com

This is a respected football fans site and the site administrators insist there are no viruses.

I like to access this site regularly, so is there any way of stopping this warning.

wfuhdehr · « **Reply #1 on:** January 07, 2010, 11:26:07 PM »

Where is the image???

wfuhdehr · « **Reply #2 on:** January 07, 2010, 11:36:28 PM »

Sorry I've just saw it now.
Try to send the address http://www.westbrom.com/forum/index.php to this site http://www.virustotal.com/pt/ and just wait for the answer, the answer it's almost instantaneous.

wfuhdehr · « **Reply #3 on:** January 07, 2010, 11:39:22 PM »

The site is:

http://www.virustotal.com/pt/

DavidR · « **Reply #4 on:** January 08, 2010, 12:54:07 AM »

It looks like the site may have been hacked.

The favicon.ico file looks like it has been hacked. This is a common tactic as browsers load the favicon.ico and this one has a hidden iframe tag added to the file (see image) and that points to a Chinese .cn domain name imagehut3.cn probably somewhat strange for westbrom.

So I guess the site administrators need to look again and see if that iframe tag is legit.

YoKenny · « **Reply #5 on:** January 08, 2010, 01:42:48 AM »

Please see:
Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414

Please edit your posts to make the www into wxw for westbrom.com to make the links non-clickable

Author Topic: False Positive? (Read 2970 times)

Rowie

False Positive?

wfuhdehr

Re: False Positive?

wfuhdehr

Re: False Positive?

wfuhdehr

Re: False Positive?

DavidR

Re: False Positive?

YoKenny

Re: False Positive?