
Czechpornostars.com

Posted: Mon Apr 13, 2009 4:06 pm
by Redeye
Clicked on the banner and NOD32 found a virus.

Re: Czechpornostars.com

Posted: Mon Apr 13, 2009 4:23 pm
by paroxysmia
Which banner? Maybe a false positive.

Re: Czechpornostars.com

Posted: Mon Apr 13, 2009 4:28 pm
by Redeye
The main-page one; you can try it yourself :)

Re: Czechpornostars.com

Posted: Mon Apr 13, 2009 4:46 pm
by paroxysmia
NOD32 is surely over-paranoid; it's a false positive.

Re: Czechpornostars.com

Posted: Mon Apr 13, 2009 5:21 pm
by sbando
I tested it, and I'm pretty sure it's just some script they're using that is blocked as malicious. Anyway, it's not our problem. If someone comes up with evidence, I'll remove the banner.

Re: Czechpornostars.com

Posted: Tue Apr 14, 2009 12:41 am
by hopless3
My Avira AV software said this:

Virus: HEUR/HTML.Malware
Type: AHeAD Heuristic special detection
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No

Re: Czechpornostars.com

Posted: Tue Apr 14, 2009 1:58 am
by paroxysmia
It's heuristic, so a completely probabilistic detection. Many heuristic virus detections are false positives because the algorithms fail.

Re: Czechpornostars.com

Posted: Tue Apr 14, 2009 5:28 am
by just_me
Their site was hacked. All of their pages contain an iframe pointing to a PHP script at an IP address belonging to a Seattle, WA school district.

In other words, it is not a false positive.
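
The injection pattern just_me describes (an iframe on every page whose src is a PHP script on a bare IP address, usually hidden or sized 1x1) is the kind of thing a site owner can check for in a saved copy of their own pages. The following scanner is an added example, not code from the thread or from either site; the HTML sample is constructed here, and the 198.51.100.23 address and the in.php path are placeholders, not the real indicators from the incident.

```python
"""Flag iframes that match the compromised-site injection pattern.

Added example, not part of the original thread. The sample page and the
IP/path in it are constructed placeholders (198.51.100.0/24 is TEST-NET-2).
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: the first iframe is a legitimate same-site embed,
# the second mimics the injected hidden iframe to a .php script on a bare IP.
SAMPLE_HTML = """<html><head><title>Home</title></head><body>
<h1>Welcome</h1>
<iframe src="https://www.example.com/player.html" width="640" height="360"></iframe>
<div>content</div>
<iframe src="http://198.51.100.23/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # HTMLParser yields None for valueless attributes; normalise to "".
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_ip_host(host):
    """True if the host part of the URL is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _is_hidden(attrs):
    """True if the iframe is 0/1 pixel wide or high, or hidden via CSS."""
    def tiny(value):
        m = re.match(r"\s*(\d+)", value)
        return m is not None and int(m.group(1)) <= 1

    style = attrs.get("style", "").replace(" ", "").lower()
    return (tiny(attrs.get("width", "")) or tiny(attrs.get("height", ""))
            or "display:none" in style or "visibility:hidden" in style)


def suspicious_iframes(html, page_host):
    """Return a list of (src, reasons) for iframes matching the heuristics.

    page_host is the hostname the page was served from, so that same-site
    embeds are not reported as off-site.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        parsed = urlparse(src)
        host = (parsed.hostname or "").lower()
        reasons = []
        if host and host != page_host.lower() and _is_ip_host(host):
            reasons.append("off-site iframe to a bare IP address")
        if parsed.path.lower().endswith(".php"):
            reasons.append("src is a .php script")
        if _is_hidden(attrs):
            reasons.append("iframe is hidden or 1x1")
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in suspicious_iframes(SAMPLE_HTML, "www.example.com"):
        print(src, "->", "; ".join(reasons))
```

Each reason on its own is weak (plenty of legitimate pages embed .php URLs), so treat a hit with two or three reasons as worth a manual look, and run it against a saved copy of the page rather than the live site so the scan itself does not load the iframe.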

Re: Czechpornostars.com

Posted: Tue Apr 14, 2009 10:02 am
by sbando
Ok, thank you, I'll remove it and drop them a line about it.
But it is in fact a form of hijacking; if you just clicked on the link, nothing was installed.

Re: Czechpornostars.com

Posted: Wed Apr 15, 2009 5:18 am
by just_me
sbando wrote: Ok, thank you, I'll remove it and drop them a line about it.
But it is in fact a form of hijacking; if you just clicked on the link, nothing was installed.

You should know better than that. :wink: When working properly, it bounces around and ends up launching a junk PDF file, without user interaction, into Adobe Reader from a server hosted in Russia. If the person is using an outdated version of Internet Explorer, Adobe Reader, or anti-virus software, you can bet something bad will be installed.

People out there are just finally learning to keep Windows and Internet Explorer updated, but they always neglect Java and Reader. So anyone who reads this, update your software :!:

Re: Czechpornostars.com

Posted: Wed Apr 15, 2009 10:47 am
by sbando
You're correct, it's hijacking, but the infection/phishing will eventually happen. In any case, it's not a good thing. But it's not us, so I'll just remove it.