There’s no trojan on that page.. on the link posted perhaps, but otherwise not…
Which seems quite clear considering the nature of said thread…
Yes there is a trojan on that topic, says my avast.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
It’s a false alarm from Avast.
Thread Starter
hpguru
(@hpguru)
In this topic (http://wordpress.org/support/topic/269854) is VIRUS. Not false positive.
http://forum.avast.com/index.php?topic=54797.0
Admin please delete this code and make image available http://forum.avast.com/index.php?action=dlattach;topic=54797.0;attach=43034;image in topic.
“The problem is some idiot posted the complete script code on the page instead of using an image and to make it worse even posts a direct active link to the hacked page.
Unfortunately avast treats the text based script code the same as if it were in the html code as that is what it is looking at.”
The warning I got included a message describing the threat as an “exploit link to a known exploit site” and denies my browser (Windows/Firefox/AVG) access to the entire page.
Thread Starter
hpguru
(@hpguru)
AVG maybe not detect malicious script. Avast did this. Topic must be cleaned!
So flag the post modlook and reply saying that.
I suppose if they wrap it in code tags, it’ll stop pinging your virus scan. Your browser shouldn’t be executing that code, anyway, since the php doesn’t ‘work.’
I believe I stated that AVG did detect it. I also stated that what it detected, was a known exploit link to a known exploit site. Then it refused to let me view the page.
Thread Starter
hpguru
(@hpguru)
David from Avast team:
Thanks, hopefully they will need your suggestion/advice when posting exploit/malicious script code, use an image or break the code in a way it can’t be taken for the real threat.
http://forum.avast.com/index.php?topic=54797.msg463789#msg463789
I’ve removed the link, so whether it’s a real virus or not is irrelevant now, I guess.
Yes, the code for the hack is there, but it’s not active content, so any browser that treats it as such is just plain odd.
Thread Starter
hpguru
(@hpguru)
Just Avast detect it to virus code.
Unfortunately avast treats the text based script code the same as if it were in the html code as that is what it is looking at.
Thread Starter
hpguru
(@hpguru)
Could you please remove or break the malicious code? Avast -> Iframe trj.
Thread Starter
hpguru
(@hpguru)
Thank you. Now i am able to click link without any virus warning.
IMO this is AVAST being a silly program.
The page has PHP code, encoded, which isn’t smart, but it’s not ‘wrong’. It’s not, in any way, shape, or form executable code. The <?php ... ?> code doesn’t run.
<?php
Echo “Hello, World!”;
?>
should be sanitized by the parser and just show up as text. Unformated, ugly, text, but text. So the fact that you have a evil link checker that looks back at that plain text and says ‘Danger Will Robinson!’ is an overreaction on it’s part.
More logical would be for it to say ‘Hey, if the inline text has evil PHP, let the page load and don’t execute it. After all, the browser wasn’t gonna anyway.’
Unless of course IE is idiotic enough to parse it.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Unless of course IE is idiotic enough to parse it.
Would not surprise me. IE is E-V-I-L. I was floored when IE executed JavaScript in a file that was .txt with the mime type set to text.
