Author Topic: avast! web shield has blocked a threat  (Read 2898 times)

0 Members and 1 Guest are viewing this topic.

Offline alghorabaaa

  • Full Member
  • ***
  • Posts: 131
avast! web shield has blocked a threat
« on: March 13, 2010, 01:30:47 PM »
Hi,

I can't access to ( Princess Juliana International Airport ) website ...

http://www.pjiae.com/

avast give me this warning :

Infection : HTML:Iframe-inf
Action : Connection aborted
« Last Edit: March 13, 2010, 01:37:28 PM by alghorabaaa »
AMD Athlon™ X2 Dual-Core 6000+ / Windows 7 Home Premium 64bit / 4 GB RAM / 800 GB HD / avast! PRO Antivirus v7.0.1407

Windows XP Professional 32bit - SP3 / 2.5 GB RAM / 80 GB HD / avast! PRO Antivirus v7.0.1407

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1422
Re: avast! web shield has blocked a threat
« Reply #1 on: March 13, 2010, 01:46:24 PM »

Offline Pedro Hin

  • Jr. Member
  • **
  • Posts: 67
Re: avast! web shield has blocked a threat
« Reply #2 on: March 13, 2010, 02:02:28 PM »
The iframe is pointing to hxxp://auto-stats.info/eng/in.cgi?2 ; a domain that was created just a week ago.

It looks like the domain is already unreachable. Maybe the company hosting auto-stats.info has already pulled the plug on whatever was lurking behind that link.

Since the iframe tag has dimensions of width=0 height=0 border=0 , my guess is that there was a malicious PDF hiding in there

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1422
Re: avast! web shield has blocked a threat
« Reply #3 on: March 13, 2010, 02:11:19 PM »
Yup proving that WOT is still not that useful also ~_^

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71134
  • No support PMs thanks
Re: avast! web shield has blocked a threat
« Reply #4 on: March 13, 2010, 05:38:36 PM »
WOT isn't an antivirus which checks in real time for infection, so its purpose/use is completely different.

The site does appear to have been hacked and avast isn't alone in detecting this, though there are very few AVs looking for this type of infection much less detect it, see VT Results.
http://www.virustotal.com/analisis/fb4c3e8c03313745e3371ee3d16544943e6ee833c2fa6d36c86f20b66bafff97-1268498022

The inserted hidden iframe after the opening Body tag is the culprit and avast also blocks access to that site as it is considered malicious, see image.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2214 R2/ Outpost Firewall Pro9.1/ Firefox 36.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline sss

  • Newbie
  • *
  • Posts: 17
Re: avast! web shield has blocked a threat
« Reply #5 on: March 14, 2010, 09:09:12 AM »
Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast's engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here. 

 

Offline alghorabaaa

  • Full Member
  • ***
  • Posts: 131
Re: avast! web shield has blocked a threat
« Reply #6 on: March 14, 2010, 11:20:12 AM »
Thank you all !
AMD Athlon™ X2 Dual-Core 6000+ / Windows 7 Home Premium 64bit / 4 GB RAM / 800 GB HD / avast! PRO Antivirus v7.0.1407

Windows XP Professional 32bit - SP3 / 2.5 GB RAM / 80 GB HD / avast! PRO Antivirus v7.0.1407

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71134
  • No support PMs thanks
Re: avast! web shield has blocked a threat
« Reply #7 on: March 14, 2010, 02:21:16 PM »
Thanks DavidR for sharing the link.
It is good when we get to look at any genuine practical comparison of antiviruses in regards to detection.
It is disappointing to see so many popular antiviruses failing to detect such threats.
Among the popular ones I see only Gdata, Avast & Avira protecting from this.
Gdata is obviously detecting this because of Avast's engine.
That only leaves Avast & Avira among the better known antiviruses that are doing a good job here. 

You're welcome.

I think that there are others that detect this, but in this instance the actual inserted iframe looks innocuous with just a single line but I believe avast comes into its own by not only having the web shield but also the network shields malicious sites list.

I don't know if in the case of iframe tags like this the web shield also checks the link against the malicious sites list. Suffice to say the web shield has a very good detection and accuracy rate on this type of thing.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2214 R2/ Outpost Firewall Pro9.1/ Firefox 36.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security