Hi,

I keep receiving every few minutes an alert message about a "web attack: malicious toolkit iframe injection 3", coming from 74.220.207.71, origin broadintel.com 

I've difficulties understanding the detailed message. Here is its translation in English (I've a French NIS install): the network traffic incoming from 74.220.207.71 has a known attack signature. The attack is originated by \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\NORTON ONLINE\ENGINE\2.1.0.23\CCSVCHST.EXE (then follows instructions how to disable receiving same messages again).

If I correctly understand, the attack should be originated by accessing a malicious or compromised web site redirecting to a page where the attacker tries to inject trojans on the PC.

Now, to my knowledge applications on the PC were not visiting such page, and looks application accessing the page was NIS itself, while I would expect here appearing something else (i.e. firefox, if web browser was the guilty app).

Any help from the community?

Thanks,

g.

[edit: Please do not direct link to dangerous websites per the Participation Guidelines and Terms of Service.]