Author Topic: Avast misreporting or messagelabs wrong?  (Read 2345 times)

0 Members and 1 Guest are viewing this topic.

DavidW

  • Guest
Avast misreporting or messagelabs wrong?
« on: January 13, 2010, 01:07:08 AM »
Hi

When going to this website : hxttp://blog.karentran.com/?tag=rhinestone-sea-shells we get this series of error alerts



and relevant messages in ADNM console as well.

All browsing is initially filtered by a message labs proxy, and when asking them why they aren't blocking this, they are adamant there is nothing wrong with that website. Can anyone help advise whats going on here?

Thanks

spg SCOTT

  • Guest
Re: Avast misreporting or messagelabs wrong?
« Reply #1 on: January 13, 2010, 01:47:13 AM »
Hi DavidW, welcome to the forum :)

avast! is right, there is an iframe that loads malicious content (as observed by the first alert in your image) avoiding the scanning by using port 8080, which doesn't work. The reason it was hacked? The version of Wordpress used is out of date and leaves the site vulnerable to attack.

This kind of detection is very common these days, with many 'legitimate sites' becoming hacked to distribute malware:

Every 3.6 seconds a website is infected

The info can be seen here:
http://www.UnmaskParasites.com/security-report/?page=blog.karentran.com/%3Ftag%3Drhinestone-sea-shells

Oddly though, I cannot understand why you get the standard shield alerting and then the webshield, it should be the other way around, and the webshield should stop the rest getting through as well.

-Scott-

DavidW

  • Guest
Re: Avast misreporting or messagelabs wrong?
« Reply #2 on: January 13, 2010, 01:58:30 AM »
Thanks