Is U.A.E.'s (Dubai) No. 2 Portal (Dubizzle.com) Infected by Trojan???

[Art_2010]

Hi guys,

Can you please help me identify if the U.A.E.’s No. 2 (probably) portal has been compromised by a Trojan Horse virus?

A moment ago I’ve tried visiting this website dubizzle.com several times with different browsers but it all ended up with me having my AVAST (Free version) warned me about a Trojan Horse infection.  Luckily the warning says that the threat was blocked.  In all the websites that I've recently visited, the warning only showed up in this website alone.

Based on the warning it seems there was a Java script embedded in the website that triggers the infection, it is called (JS:Downloader-AFY )?  I don’t know if I’m just the only one experiencing this or maybe my PC was the one who has been infected?  I’m regularly visiting this website and it only happens to me just now.

What would you think?  Is it safe for users to further browse this website? I’ve attached a screenshot of the said notification in order for you to check if it is just a false-positive?

[Pondus]

The URL in the avast! warning is different then the one you posted. I get nothing on the one you posted but the one in the avast! warning gives this

VirusTotal - top_1286364087.js - 3/43
http://www.virustotal.com/file-scan/report.html?id=c5ec8fd089c4d45551b2abc9082744ba4ca673da3d62a3e8e5d3a93b8291baff-1286917346

[Art_2010]

Sorry, I didn't get it?

If I'm right you haven't get any warning as per shown in the screenshot?  If yes, why I'm getting it?  Does it mean that the virus resides in my PC and not in the mentioned website?

[Pondus]

Not with any online scanner, have not tried with avast!. And the virus is on the website, avast! blocked it

[Hermite15]

I get two alerts on that site, one from the web shield, and another one from the file system shield. Wondering how come that the web shield didn't block everything (apparently there's an archive involved that complicated the task somehow...)

ps: @ the OP, can you deactivate your link by replacing http by hxxp?

[Pondus]

I have now tried entering the above posted URL with avast! and IE8 / Chrome / Opera and no warning   

[Hermite15]

okay the first test with two alerts was in IE9, I just retried with Firefox 4 and there's only the web shield alert (with JS allowed to run on the site)... so there's an issue between IE9 and the web shield it seems...

[Hermite15]

I have now tried entering the above posted URL with avast! and IE8 / Chrome / Opera and no warning   

if you get nothing on the main page of the site, click a link on it.

[Art_2010]

Yes, click some links and you will get something, if not probably because of your AVAST version, mine is ver. 5.0.677..

[Hermite15]

okay, same in Chrome like in Firefox, just a web shield alert, meaning that there's a flaw somewhere allowing malware to partially bypass the web shield in IE9.

[Pondus]

OK clicking links give alarm with IE8 and Chrome but nothing with Opera

[Art_2010]

hhhmmm? It seems the virus is directly targeting IE, Firefox and Chrome?

[Hermite15]

again, Art_2010, can you deactivate the link in your first post? (make it hxxp)

[Hermite15]

lol forgot to mention something important >>> my first test in IE9 generating a file shield alert was done with IE9 sandboxed >>> see my screen shot above with malware detected in the IE temp folder

C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D0BU9CEB\top_1286364087[1].js [L] JS:Downloader-AFY [Trj] (0)

[!Donovan]

Notified WOT: http://www.mywot.com/en/forum/7980-dubizzle-com-rated-green-when-hacks-certain-browsers

Sent Report to Browser Defender.