Hi stavstav,
The message you clicked on is intended for webmasters whose websites got infected through an infected desktop computer with that particular script. The virus is a so-called password stealer and all of the website code will become infected through it eventually and then it will try to infect unprotected users that visit those infected sites to further infect, and so on and so forth.
So as long as the site is still infected with this particular malscript, please stay away from it and inform the webmaster there that he should cleanse his site or get help to get it cleansed. You could ask him to visit this thread for info.
He initially got infected through a wordpress vulnerability via timthumb.php: see:
http://wewatchyourwebsite.com/wordpress/tag/string-prototype-testharc/Despite of the fact that the site is given clean here:
http://urlquery.net/report.php?id=3949and also here:
http://siteinspector.comodo.com/public/reports/383186Sucuri still marks it as infected here:
-http://www.abeforum.com/forum.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/register.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/faq.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/search.php?s=f8a062fcd4000c2527b41933393b23fa&do=getdaily&contenttype=vBForum_Post
-http://www.abeforum.com/calendar.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/memberlist.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/forumdisplay.php?s=f8a062fcd4000c2527b41933393b23fa&do=markread&markreadhash=guest
-http://www.abeforum.com/showgroups.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/search.php?s=f8a062fcd4000c2527b41933393b23fa
-http://www.abeforum.com/search.php?s=f8a062fcd4000c2527b41933393b23fa for Google UA
The infected status is confirmed here:
http://www.UnmaskParasites.com/security-report/?page=www.abeforum.com verdict: 1 suspicious inline script found
The hoster of the site Ace Data Centers, Inc. = AS11798 has 1967 Blacklisted URLs (not reassuring these security data) What is going on via these blacklisted URL's, a whole scala of
online malevolence, like there are:
...malicious URLs? Yes
...badware? Yes
...botnet C&C servers? Yes
...exploit servers? Yes
...Zeus botnet servers? No
...Current Events? Yes
...phishing servers? Yes
...spam servers? No
...spam bots? Yes
...spam activity? No (above info found here:
http://sitevet.com/db/asn/AS11798)
polonus