Would you like an iframe, sir?
Yesterday, when I was about to get something to eat, my attempt to check a menu online ended up with a warning about HTML:Iframe-LZ. Well, that’s quite spicy content for a common daily offer. So, let’s look at what’s under the hood.
Starter: a piece of JavaScript at the end of the page – served in a nicely roasted layer of obfuscation, really delicious.
Main course: you can choose either a speciality of Chinese cuisine delivered by hxxp://b.nt002.cn/E/J.JS (it’s fortunately down already) or a Russian shashlik that contains some popular ingredients (such as google, classmates or linkhelper) in the following order - hxxp://clicksor-com.eastmoney.com.mobile-de.homesaleplus.ru:8080/ocn.ne.jp/ocn.ne.jp/classmates.com/linkhelper.cn/google.com/ (also down already, but these two links belong to a Gumblar system).
Dessert: a nice little snippet to carry the execution of all the malcode.
Anyone else hungry out there?
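The second link above has a shape that is easy to hunt for in proxy or web-server logs: familiar domain names stacked into the hostname and the path, served on port 8080. The following is an added example, not code from the original post or from avast!; the trait thresholds, the `TLD_HINTS` set and the benign sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# A path segment that reads like a bare domain ("google.com", "ocn.ne.jp").
DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
# Assumption: a small illustrative set of TLD strings, not a public-suffix list.
TLD_HINTS = {"com", "net", "org", "de", "cn", "ru", "jp"}

def refang(url: str) -> str:
    """Undo 'hxxp' defanging and drop stray whitespace so the URL parses."""
    return re.sub(r"^hxxp", "http", re.sub(r"\s+", "", url), flags=re.I)

def score_url(url: str) -> dict:
    """Score a URL against three traits of the chained-domain link."""
    parts = urlsplit(refang(url))
    labels = (parts.hostname or "").split(".")
    # Trait 1: several path segments that are themselves domain names.
    # A lone match is ignored because file names such as "J.JS" also fit.
    domain_segs = [s for s in parts.path.split("/") if DOMAIN_LIKE.match(s)]
    # Trait 2: web traffic on a port other than the defaults.
    odd_port = parts.port not in (None, 80, 443)
    # Trait 3: TLD-looking labels buried left of the last two labels
    # (simplification: the last two labels are taken as the registered domain).
    buried = [l for l in labels[:-2] if l.rsplit("-", 1)[-1] in TLD_HINTS]
    score = int(len(domain_segs) >= 2) + int(odd_port) + int(bool(buried))
    return {"host": parts.hostname, "domain_segments": domain_segs,
            "odd_port": odd_port, "buried_tlds": buried,
            "score": score, "flagged": score >= 2}

# The two defanged links from the post, plus one constructed benign URL.
SAMPLES = [
    "hxxp://b.nt002.cn/E/J.JS",
    "hxxp://clicksor-com.eastmoney.com.mobile-de.homesaleplus.ru:8080/"
    "ocn.ne.jp/ocn.ne.jp/classmates.com/linkhelper.cn/google.com/",
    "https://example.com:8443/docs/index.html",  # constructed sample
]

if __name__ == "__main__":
    for u in SAMPLES:
        r = score_url(u)
        print(r["flagged"], r["score"], r["host"])
```

Only the chained-domain link is flagged; the short first link shows none of these traits, so it needs a different signal such as content scanning of the page itself.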


Michal,
I am always hungry to learn from you guys…
Please teach me more…and more….
cheers,
Hi Michal,
I don’t see avast! blocking one of your referenced sites, like:
hxxp://www.unmaskparasites.com/security-report/?page=www.duowan.com/0910/119283364074.html
When I opened it, then nothing happened with avast! which is detected at this site contains some suspicious link.
cheers,
yanto chiang
Hi there, in one of your posts (here: http://blog.avast.com/2010/02/18/ads-poisoning-–-jsprontexi/ ), there’s someone who is asking this question:
I would like to know it too, do we need to activate the webshield to detect those JS viruses or not? I ask this because I myself usually turn the webshield off because it interferes with my firewall.
Best regards.
@Yanto Chiang
I’m not certain whether duowan.com is really related to any of my references, because they were unreachable when I tried them.
@Chocobollz
This infection was caught by Web shield. I can only suggest that you turn it on, because the vast majority of malware attacks come from internet/surfing nowadays. Some issues with slow browsing while having web shield turned on are currently discussed here: http://forum.avast.com/index.php?topic=56694.0
Hi Michal,
It’s okay,
I randomly analyzed your referenced link.
Anyway, nice article to share with us…keep going forth and contributing on security issues in the IT world.
cheers,
yanto chiang
@Michal Krejdl
Thank you for your reply. Anyway, speed isn’t the issue for me; the problem is, if I turn the webshield on, it makes my firewall (Outpost Firewall Pro) become ineffective. I mean, all of the connection requests made by the browser will be shown as coming from the webshield, not the browser itself, so it kind of makes my firewall useless, as it cannot apply restrictions based on individual applications. I just hope that Avast would place its scanner after a firewall, not before it. That would likely solve the problem.
Hello,
Webshield acts as an HTTP proxy, so all traffic goes through the webshield to the internet. We recommend that you use our built-in firewall in Avast Internet Security.
Hi
Sorry for posting here, but I have a problem I don’t know how to solve.
I am using Comodo Dragon as my default browser, and when I check my Avast settings I can’t see any activity in the webshield. Comodo Dragon is a very new browser, but it’s similar to Google Chrome. Webshield does not scan when I am surfing the web.
But the Avast scanner is scanning my network traffic even if I use Comodo Dragon, and when I switch to Internet Explorer 8 everything works as it should.
I don’t want to be unprotected when I surf the web using Comodo. Can you please give me an explanation?
Sorry, I forgot to say that I am running Comodo Dragon and Avast with Windows 7 Ultimate x86
Sorry for my bad English
avast, I would like there to be an online technical support service, more security
Hello,
please leave us a ticket on support.avast.com so we can handle your problem effectively and we can track our communication. Meanwhile I am going to test the browser.
@Magnus Johansson
Hello,
good news Magnus
Within the next 48 hours you will receive a new VPS update and Avast Webshield will scan the Comodo Dragon packets. So just keep your VPS updates running.
@Vojta – Avast support team
Interesting, there was a question about this on the forum…
So the OptinProcess will not be needed anymore?
The thread: http://forum.avast.com/index.php?topic=57721
-Scott-
Thank you for today’s (29 March, 2010) blog “Why does http://www.avast.eu take me to the Avira website?…..or isn’t security built on trust?”
I have my own problems with Avira. It is helpful to know this information in order that I may help those who truly want avast! Do not be misled. You are correct. Trust is very important.
Thank you again.
GWA
@GW Anderson
This domain is owned by Avira since 2006. Our official domain is avast.com.
Thank you. I do not understand the RSS feed which I mentioned in the above note which came this morning.
@GW Anderson
Oh, now I can see it. I was a bit confused, because the article is not available except in those RSS readers that caught it.
Was the article withdrawn? When I went to the website to view the complete article, I was ‘welcomed’ to the Error 404 page.
Thanks for responding.
Sorry for that. Hit the publish button before it was ready. It is there now.
@Vojta – Avast support team.
Comodo still doesn’t work with Avast 5.0. I have reinstalled Avast like you suggested and I also reinstalled Comodo. Can you solve this, or I am considering uninstalling Avast and trying something else.
@Scott. I modified the ini file and it did the trick, but why should I need to do that? This bug in Avast or Comodo can’t be impossible to fix. I have been in contact with both Avast support and the Comodo support and both said the problem is solved. Is it me and my computer or what?
@magnus johansson
It is not necessarily a bug in either.
As I know it there is a list of browsers that are scanned by default (e.g. IE, Fx, the other mainstream browsers) and Dragon is not currently on that list.
I am not quite sure as to why this is but it is the way that it is done.
The INI modification is a workaround of sorts, and adds dragon to be scanned.
The way I see it is that Dragon is not so well known to the ALWIL devs and so they have to look into it before it gets scanned.
It was initially also the same with Chrome, but now it is supported by default.
-Scott-
p.s. Glad the thread helped
Problem solved.
The latest VPS update did the trick. Feels so good!
Thanks everyone who helped me with this especially @Scott and @Vojta – Avast support team
You’re Welcome
Hello,
it is already in the Avast code so there is no need to add it manually.
@Vojta – Avast support team
Hi,
Yes, I saw that in the thread and in Magnus Johansson’s post
-Scott-
@Vojta – Avast support team
As a side note, maybe the knowledge-base article on the subject could be updated for version 5?
Hi, Trend Micro detected this website hxxp://www.swfcabin.com/open/1243702443 as malware, and I went on the website on my home computer, and I’m scared my computer is infected with the malware. Can you get avast home, the free antivirus, to detect it please? I’m begging you, I’m very scared, and I just paid $100 dollars to have my computer fixed, so please get avast! home, the free antivirus version, to detect the malware. So please get avast home, the free antivirus, to detect it.
@spg SCOTT
Do you mean article about this particular browser or general note about adding the browser into the webshield?
I was thinking about this one:
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=374
Maybe it could be updated to include the ones that are scanned in V5
And possibly have it show how to optin one that is not scanned?
-Scott-
@spg SCOTT
Hello Scott,
it will be updated.
@Vojta – Avast support team
Cool, Thanks
The more knowledgebase articles we have, the better
-Scott-
Please cancel my avast anti-virus and e-mail me the results in cancelling this system from my computer.
Patti
2YA7
Please notify me of system being off my computer. There is no cancelling information and I no longer want it on my computer. E-mail me these results of no longer having avast on my computer. As soon as possible I want it off my computer, and a response from you. Send response to psasala@verizon.net
Thank You,
Patti Sasala