I just went to americantangoinstitute.com and Avast intervened, saving my computer at the last minute from malware. It said the potential threat was from lframe.inf.
Could this dance studio’s website have been hacked? Is this a common way to spread malware?
This kind of thing (infecting bona fide web sites using an unpatched vulnerability in the OS or server software, in order to spread malware to the site’s visitors) seems to be reasonably common. I recall encountering it on one of every few hundred sites I visit.
Simplified, an iframe is a way of embedding one website inside of another. A lot of ads are delivered that way and the owner of the actual site has no real control over what is displayed in the iframe.
In this case it could be that one of the ads that it is trying to display has malware in it; the main site may have nothing to do with it.
It’s probably ads, I see a lot of infections from ad networks. They really need to do a better job of vetting the ad banners before they are allowed to be served to the world.
Maybe that’s it. Well in that case they need better security on the ad servers.
My theory was that people were being allowed to upload ads to the network without them being checked first. Even if they are checked, I could see ways that the malware authors could get around detection; for example a payload could happen if the user’s domain is aol.com but not googleads.com.
It is not so much that they are compromised, as they fail to maintain security over the ads they allow. A common technique used by spyware outfits is to post a clean ad for a while, then swap in a dirty ad that infects computers for a short period. By the time anyone notices and reports the problem, they have switched back to the clean ad and claim innocence. The problem is allowing advertisers to control their ads in this way. Brokers need to check all ads, then not allow advertisers to make changes until the new ad has been checked. I suspect that would require a lot more man-hours to oversee, so ad brokers don’t like to do that.
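The control described in the post above (check every ad, and keep an advertiser's changes out of rotation until the new version has been checked), sketched as an added example that is not part of the thread. The `CreativeRegistry` class, its method names and the sample creatives are hypothetical and constructed for illustration; approval is pinned to the SHA-256 of the exact bytes a reviewer inspected.

```python
import hashlib


class CreativeRegistry:
    """Hypothetical broker-side store: only reviewed ad bytes are ever served."""

    def __init__(self):
        self._approved = {}  # ad_id -> (sha256 hex, bytes) of last reviewed version
        self._pending = {}   # ad_id -> bytes uploaded but not yet reviewed

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def submit(self, ad_id: str, content: bytes) -> str:
        """Advertiser upload: a new or changed creative is queued, never live."""
        approved = self._approved.get(ad_id)
        if approved and approved[0] == self.digest(content):
            self._pending.pop(ad_id, None)  # back to the approved bytes
            return "unchanged"
        self._pending[ad_id] = content
        return "pending_review"

    def review(self, ad_id: str, reviewed_digest: str, clean: bool) -> bool:
        """A verdict counts only for the exact bytes the reviewer looked at."""
        content = self._pending.get(ad_id)
        if content is None or self.digest(content) != reviewed_digest:
            return False  # creative changed after inspection: verdict is void
        del self._pending[ad_id]
        if clean:
            self._approved[ad_id] = (reviewed_digest, content)
        return clean

    def serve(self, ad_id: str):
        """Visitors receive the last approved bytes, or nothing at all."""
        approved = self._approved.get(ad_id)
        return approved[1] if approved else None


if __name__ == "__main__":
    # Constructed sample creatives (placeholders, not real ads).
    v1 = b"<img src='banner-v1.png'>"
    v2 = b"<img src='banner-v2.png'>"
    reg = CreativeRegistry()
    reg.submit("ad-1", v1)
    reg.review("ad-1", reg.digest(v1), clean=True)
    print(reg.submit("ad-1", v2))   # swap attempt is queued for review
    print(reg.serve("ad-1") == v1)  # visitors still get the reviewed version
```
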
Though the problems raised with third party ads are valid, that’s not the cause of the warning on the site listed in the OP. It has definitely been hacked.
I don’t suggest waiting for the ad companies to get their shit together, or expecting that the sites you frequent will stop using ads. You have the power to browse with an adblocker.