6 replies to this topic

[YBS]

I use Avast, and this happens once in a while. I browse to a seemingly legitimate site, and it alerts me that it just stopped a trojan. If I abort the connection, I can't see the site. For example, this site ( http://www.yellowstonenationalpark.com ) seems like a perfectly normal informational website, but even its google-cached version triggers the trojan alert.

Would google be caching trojans?

Is this a false positive?

[Kalashnikover_Rebbe]

http://double.boublebarelled.ws/FrMal

What is the current listing status for double.boublebarelled.ws?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 81 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-06-01, and the last time suspicious content was found on this site was on 2009-06-01.

Malicious software includes 69 trojan(s).

This site was hosted on 1 network(s) including AS16265 (LEASEWEB).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, double.boublebarelled.ws did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 341 domain(s), including tuzona0.com/, azzahfalakhder.com/, sandiegoesl.com/.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

[YBS]

http://double.boublebarelled.ws/FrMal

What is the current listing status for double.boublebarelled.ws?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

How did you get this?

[Kalashnikover_Rebbe]

How did you get this?

I looked through the source and didn't see anything. But then I remember that adblock gives a list of all the things on the page, and lo and behold it showed up as a tiny frame embedded in the page.......

BTW safari doesn't even let me go to that page and gives me a malware warning......

[YBS]

I looked through the source and didn't see anything. But then I remember that adblock gives a list of all the things on the page, and lo and behold it showed up as a tiny frame embedded in the page.......

BTW safari doesn't even let me go to that page and gives me a malware warning......

Did your antivirus put up a fuss? Avast blocks the whole site, unless you explicitly agree to download the trojan. I aborted it, so I didn't even get to see the source. And adblock only shows a bunch of gifs and a couple of JS's coming from google. Are you sure you didn't download the trojan?

[Kalashnikover_Rebbe]

Did your antivirus put up a fuss? Avast blocks the whole site, unless you explicitly agree to download the trojan. I aborted it, so I didn't even get to see the source. And adblock only shows a bunch of gifs and a couple of JS's coming from google. Are you sure you didn't download the trojan?

I don't HAVE an antivirus....
And I'm on a mac, I'm not overly concerned..... (it COULD be that firefox blocks that part automatically without saying anything, because when I try to load the site itself I get a malware warning, but the main site loads fine. Safari doen't want to load the page at all.)

ETA: I can't even load the site directly so it appears to have been taken down.....

[Dan]

JS:Bulered [Trj]

That's the alert I'm getting from Avast. Matches K_Rebs post.