Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User wingco1
(eat-sleep-adslguide) Tue 12-Apr-11 18:43:55
Print Post

JS:IFrame-BG [Trj]


[link to this post]
 
On visiting a certain website Avast AV pops up a Warning "TROJAN HORSE BLOCKED" on one of my laptops, but no warning on the other running a different AV. Navigating the site results in the same repeated warnings.

The other laptop doesn't report any problems with the site. Google doesn't help with the "JS:IFrame-BG [Trj]" so I don't know if it's a false positive or not.

Any help greatly appreciated.
Standard User tommy45
(fountain of knowledge) Tue 12-Apr-11 19:26:41
Print Post

Re: JS:IFrame-BG [Trj]


[re: wingco1] [link to this post]
 
Without the web site address there isn't really anyway any one can test if there is a malicious script or not Some info on it

Edited by tommy45 (Tue 12-Apr-11 19:32:17)

Standard User john2007
(legend) Tue 12-Apr-11 20:25:44
Print Post

Re: JS:IFrame-BG [Trj]


[re: wingco1] [link to this post]
 
I don't know but does JS indicate JavaScript? Perhaps one of your machines allows JavaScript by default and the other doesn't.


Register (or login) on our website and you will not see this ad.

Standard User wingco1
(eat-sleep-adslguide) Tue 12-Apr-11 21:29:56
Print Post

Re: JS:IFrame-BG [Trj]


[re: tommy45] [link to this post]
 
The website that triggers Avast is www.walbyfarmpark.co.uk
Standard User GeeTee
(member) Tue 12-Apr-11 21:40:27
Print Post

Re: JS:IFrame-BG [Trj]


[re: wingco1] [link to this post]
 
Firefox 4.0 gives its Reported Attack Page warning when trying to visit that page.....

This web page at www.walbyfarmpark.co.uk has been reported as an attack page and has been blocked based on your security preferences.

Doesn't mean it necessarily is toxic though.

"JS IFrame" I would expect refers to a javascript iframe, usually used to serve dynamic ads. Often the content served to these iframes is not under the control of the site owner and have been known to be used as a way to get malware onto otherwise innocuous sites using the ad serving service as a vector to inject it.
Standard User tommy45
(fountain of knowledge) Tue 12-Apr-11 21:53:31
Print Post

Re: JS:IFrame-BG [Trj]


[re: GeeTee] [link to this post]
 
http://www.walbyfarmpark.co.uk/frameplay/index.html
JS/Kryptik.AB trojan connection terminated - quarantined,

is what eset smart security 4 reports , as so many av 's are flagging it ,the web page may well have a malicious script(java) running on it could be down to something like this info maybe relivent
Safe Browsing
Diagnostic page for walbyfarmpark.co.uk

What is the current listing status for walbyfarmpark.co.uk?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 12 pages that we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2011-04-12, and the last time that suspicious content was found on this site was on 2011-04-12.

Malicious software includes 5 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 2 domain(s), including lobotom.cz.cc/, youztest.cz.cc/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including live-free.in/.

This site was hosted on 1 network(s) including AS33970 (OPENHOSTING).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, walbyfarmpark.co.uk did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.


Edited by tommy45 (Tue 12-Apr-11 22:01:38)

Standard User Apprentice
(knowledge is power) Tue 12-Apr-11 23:00:43
Print Post

Re: JS:IFrame-BG [Trj]


[re: tommy45] [link to this post]
 
Updated info from Google, warning flagged up by Kaspersky > LINK

Alastair

omadasafisho
Standard User greyposter
(knowledge is power) Wed 13-Apr-11 21:27:07
Print Post

Re: JS:IFrame-BG [Trj]


[re: Apprentice] [link to this post]
 
Snap for both.

Bristol

The trouble with jogging is that, by the time you realize your not in shape for it, it's to far to walk back.


BE*
  Print Thread

Jump to