Where the avast shield beats normal avast detection..

[polonus]

Hi forum users,

To get an idea of the malware at this site see this Wepawet analysis: http://wepawet.iseclab.org/view.php?hash=82847082295d598b38c117f0a532fd9c&t=1305750098&type=js  (or see attached)
Given benign there, it is not because of the script there (translates to ^iframe name=c10 src='-http:/g/) ,
and the hidden iFrame is a detection for HTML files that contain hidden iframe elements.
that attempt to perform malicious actions on the computer
                             -.-
But trying to scan the site at sucuri's I got a JS:Packed-BA[Trj} flagged from the avast Webshield
                             -.-
SOS webscan found: We found 1 virus attack url(s) at this website.
htxp://thebestyoucanfind.cn:8080/ts/in.cgi?pepsi3
                             -.-
Site detected by Trend Micro Site Safety Center as dangerous
The site it links to is also dangerous, see: http://www.urlvoid.com/scan/gogo2me.net
Also read this write up on the Hidden Iframe Injection (article source: Unmasked Parasites Blog developer):
http://blog.unmaskparasites.com/2009/01/14/gogo2me-hidden-iframe-injection/

Here the VT detection of the link": http://www.virustotal.com/url-scan/report.html?id=82847082295d598b38c117f0a532fd9c-1305742380
and
VT file scan with avast's detection as HTML:Illiframe: http://www.virustotal.com/file-scan/report.html?id=f5ee636d80a7990b84df0c64df74eaeafbf3361cbd4b8191696cd6552fe10aa9-1305750091   Team-CYMRU.org says 40% detected malware, see:
source: https://www.vicheck.ca/md5query.php?hash=ff22e089066d6452204347fe39ebd706

polonus

[Asyn]

[OT]

Hi pol,
could you please post larger screenshots, the tiny ones (320x240) aren't readable.
Thanks,
asyn

[polonus]

Hi Asyn,

Well the wepawet search link gave you the bigger picture anyway...

Another time where I was beaten by the Webshield was here:

Checking: htxp://mcinternational.ro

>htxp://mcinternational.ro/Script.0 infected with JS.Redirector.64  DrWeb flag
>htxp://mcinternational.ro/Script.1 infected with JS.Redirector.64  idem

>htxp://mcinternational.ro/Script.10 infected with JS.Click.217     idem
>htxp://mcinternational.ro/Script.11 infected with JS.Click.217     idem

When I tried to open the main site in jsunpack the disconnected on blocking the following Trojan Horse JS:Illredir-CJ[Trj]
same happened when trying to scan the malware link with  http://sitecheck.sucuri.net/scanner/ Trojan Horse JS:Illredir-CJ[Trj]

See the VT scan: http://www.virustotal.com/file-scan/report.html?id=a401a820c01e83fe7ef636c5c15d44a02bbe21319425056734e36e52dffd7fd5-1305930093
where avast detects JS:IFrame-AQ

polonus

[lareinatortura]

Hi polonus,

I have a question for you.  What do you mean by "virtual machine?"  (You typed, "...and use a virtual machine and be safe(r)!")  I feel kind of stupid asking, but I don't know what a virtual machine is!   

[DavidR]

Google is your friend, give it a whirl and search for virtual machine and you would have found this as the result at the top of the list, http://en.wikipedia.org/wiki/Virtual_machine.

[lareinatortura]

Google is your friend, give it a whirl and search for virtual machine and you would have found this as the result at the top of the list, http://en.wikipedia.org/wiki/Virtual_machine.

Ohh!  Thank you, DavidR!

I think I have an idea of what this is.  Is it similar to the concept of "virtual keyboards" that certain sites have? -I know people that absolutely hate virtual keyboards. . but. . man, if I could use one daily for entering in passwords and sensitive info, I definitely would.

[Asyn]

Hi Asyn,
Well the wepawet search link gave you the bigger picture anyway...

I know, but what's the reason to post a screenshot then, anyway..??
Btw, I meant that for all of your screenshots, as they're usually too small to read.
Thanks and please don't be angry,
asyn

[DavidR]

Google is your friend, give it a whirl and search for virtual machine and you would have found this as the result at the top of the list, http://en.wikipedia.org/wiki/Virtual_machine.

Ohh!  Thank you, DavidR!

I think I have an idea of what this is.  Is it similar to the concept of "virtual keyboards" that certain sites have? -I know people that absolutely hate virtual keyboards. . but. . man, if I could use one daily for entering in passwords and sensitive info, I definitely would.

Not really it isn't the same, but virtual would apply in that sense, the keyboard doesn't physically exist.

Virtual Keyboards such as the windows On Screen Keyboard, Windows key + R and type OSK and you will see it. That however doesn't stop some keyloggers from being able to capturing that input.

[lareinatortura]

Google is your friend, give it a whirl and search for virtual machine and you would have found this as the result at the top of the list, http://en.wikipedia.org/wiki/Virtual_machine.

Ohh!  Thank you, DavidR!

I think I have an idea of what this is.  Is it similar to the concept of "virtual keyboards" that certain sites have? -I know people that absolutely hate virtual keyboards. . but. . man, if I could use one daily for entering in passwords and sensitive info, I definitely would.

Not really it isn't the same, but virtual would apply in that sense, the keyboard doesn't physically exist.

Virtual Keyboards such as the windows On Screen Keyboard, Windows key + R and type OSK and you will see it. That however doesn't stop some keyloggers from being able to capturing that input.

Ah, I see.  I will keep reading about the virtual machine concept. From what I've read, I like where it's going.  I feel like a schmuck, 'cause I had no idea that one could run a Windows virtual keyboard; at first, I thought it sounded great, but then you said that it doesn't stop some keyloggers.  Given that the virtual keyboard doesn't stop some keyloggers, would it be useless for me to use?

[DavidR]

The avast SafeZone only in the avast Pro and AIS paid versions would protect against keyloggers when using on-line banking, private sites, etc. It gives an isolated desktop and uses a different dedicated browser (Chromium variant designed/modified by avast). It is this isolation that protects against keyloggers, etc.

[lareinatortura]

The avast SafeZone only in the avast Pro and AIS paid versions would protect against keyloggers when using on-line banking, private sites, etc. It gives an isolated desktop and uses a different dedicated browser (Chromium variant designed/modified by avast). It is this isolation that protects against keyloggers, etc.

I think I may invest in Avast Pro.  :-|

[Lisandro]

I think I may invest in Avast Pro.  :-|

You won't regret

[Asyn]

I think I may invest in Avast Pro.  :-|

You won't regret

He will regret, as AIS is even better.

[Lisandro]

He will regret, as AIS is even better.

Caught me

[Asyn]

He will regret, as AIS is even better.

Caught me

Did I win anything..?