Possible AntiVir Premium false positive?

This is what I see when I try to go to http://www.superantispyware.com/:

Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://www.superantispyware.com/
Information: Contains HEUR/HTML.Malware suspicious code

Can other users of AntiVir Premium confirm this? Very curious!

 

Yes, I get the same warning... I've got my guard settings at medium.

 

Site hacked, there's a obfuscated javascript who redirect to amigohello[DOT]com

 

I'm using Firefox 3.1 beta2 and it gives a message:

"the site at google-stats.com has been reported as an attack site and has been blocked based on your security preferences."

 

Are you sure?

 

Yes.

I send HEUR/HTML.Malware file to avira

Now superantispyware.com is clean.

 

Interesting.
You're right, I get no detection there now.

Good work for Avira: it was the only AV to detect it.

 

Would be nice to hear from Superantispyware, this sounds a bit worrying for such a respectable security company having the site been hacked...

Fax

 

Hi


I know this sounds really silly
But...
Is it safe to update my SAS ?

It's Kind Of Disturbing..
When A Security Company Can't Protect Their Own Website

Can You Imagine...
Someone going to the SAS website .. With No Protection
Because...
That's why they're going there... To Get Some

 

Looks like the SAS team hasn't done the weekly security check-up
Anyway the important thing is that it's fixed

 

Don't dramatize. Bigger security companies like F-Secure, Avast, etc had their websites hacked also a while ago.

 

We had another web server brought online into our array that was not in our automatic protection system that guards against attack and automatically restores files if a hack were to happen. It was firewalled and patched. Our servers are under nearly constant attack. It was only altered for a brief period of time and is now in our queue system.

 

thanks for the explanation

robin

 

Indeed... thank you for the insight
Fax

 

Geez Nick, what have you done to cheese off hackers to this point?! (Aside from making a powerful and threatening program to their malware, that is!) They're at it again at supernantispyware.com. As of the time of this post, AntiVir Premium's WebGuard informs me that the page contains the recognition pattern of the JS/Dldr.Agent.abl Java script virus. I'm sure things will be rectified in no time flat.

 

its not the only AV

kaspersky also detect it as multi-packed threat

 

yesterday it was the only one. I don't know for today.

 

if im not wrong you have submit the virus to a multi scanner site, and most of them are using kaspersky 7.0 not 8.0

 

And the multi packed file detection was added in 8.0, right?

 

things like this are why i switched from NOD32 to Avira

 

My wife's laptop has the latest build of KIS 2009 and it did not detect it yesterday or today. On my laptop, Avira stops it immdeiately!

 

Analysis of the SUPERAntiSpyware HomePage by Anubis for who's interested http://anubis.iseclab.org/?action=result&task_id=1ce3a18df793653f40d0c52ee495766e4&format=html

 

He's talking about the executable file, not the actual iframe. Plus, as far as I can see there is no malicious code on the site that is loading for me now. Only links to superantispyware.com related stuff and images, no iframes or scripts. (Beta script heuristics actually caught it )

 

btw did anyone see Avira free stop it or only the pro version?

robin

 

Avira wasn't the only one yesterday, KIS 2009 with beta Heuristics detected it as HEUR:Trojan.Script.Iframer
Screenshot: