Dodgy Tech Website?

[Ted]

Got a flyer stuffed through our door today for a local repair company called Doctor PC. Anyway, to cut a long story short, my sister managed to crack her laptop screen and I though I'd give this company a try. However, the flyer didn't list any prices so I tried to go onto their website to get some more information.

The odd thing is that my security software (ESET Smart Security), prevented me from getting there. It gave me a warning about a JS/Iframe.CX trojan and wouldn't allow their homepage to load.

I assume this must be a false positive or some kind of error. Surely a computer repair company wouldn't deliberately try and infect a computer would they. If that is their plan then I guess they'll be getting a lot of local business from folks who aren't running a decent firewall/security software when they visit.

I can't post a link due to my lack of posts, but the site is drpcuk.co.uk

I'd be interested to know if anyone else get the same trojan warning when accessing the site!

 

[compnet]

Chrome popped up a warning -

drpcuk.co.uk contains content from gigateria.in, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified gigateria.in that we found malware on the site. For more about the problems found on gigateria.in, visit the Google Safe Browsing diagnostic page.

And MSE found Trojan:JS/Redirector.JF - even though I didn't click proceed at the google warning page.

 

[iisjman07]

Couldn't see any actual infections on the site; there aren't any adverts that could've been infected either.

 

[codegreen]

Sucuri SiteCheck shows the site is infected: http://sitecheck.sucuri.net/results/drpcuk.co.uk

It's unlikely that the owner of the site is trying to infect visitors. What usually happens in these cases is that the CMS software they are using (Wordpress, Joomla, etc) has been compromised.

 

[Ted]

@compnet - just tried chrome and got the same warning.

@codegreen - Thanks. That's a really useful link which provides proof of infection.

I was so concerned that a company purporting to offer computer repairs could be the source of an infection that I also emailed ESET Support here in the UK to enquire about the nature of the trojan.

Good Afternoon,

Generally speaking we do not have comprehensive information about each infection on our database, simply because there are so many of them.

I can tell you that from the name of the infection “JS/IFrame.CX” -

JS = Java Script so there is a piece of JavaScript on this page which is malicious.

Iframe = A segment of HTML

CX = this is the variant, so does not stand for anything, is almost a numbering convention.

So this infection was acting on the website itself, it is not actually harmful unless you were redirected to the malware, (which ESET stopped you from doin)– think of this a bit like a shortcut to something, the shortcut itself cannot do any damage.

I can only hope that Doctor PC has been hacked and isn't trying to infect site visitors so they can create a need for their services. Kind of ironic though!

 

[Slaters Kustum Machines]

I would agree that it is ironic, but would give them the benefit of the doubt if you have no other reason to believe they are purposely doing this. Have you contacted them to inform them of the problem? I know it is a competitor.....

 

[rsarceno]

My guess it wasn't intentional. I just got back form a customer site that was blacklisted due to Malware. The issue was malicious banner ads. Removing the ad was easy. Requesting to be taken off blacklist will take several days.