Jump to content

scrinject.b


Andrzej
 Share

Recommended Posts

  • Administrators

The detection is correct. You use StatCounter for analytical purposes, however, their website was hacked and instead of a legitimate analytical script counter.js it now servers JS/CoinMiner.BS.

You should temporarily remove the code related to StatCounter until they fix the breach and replace the script with a clean one.

Link to comment
Share on other sites

I have just spoken to Statcounter, and they are blatantly denying all knowledge of this hack. Every website I own, which is a lot, that has the Statcounter code on is showing the error on the attached image:

 

statcounter-issue.png

Link to comment
Share on other sites

Hi I am Rory with the Statcounter team.  We are investigating this issue right now. 

I have installed the eset security program and visited sites with Statcounter where people say we are injecting bad scripts.  I see no warnings or errors from the Eset program.  I have also used Google Safebrowsing tool to scan these sites and it reports no problems.  I have tried other sites which scan for malware and they also report no problems.

I have a special test page which only loads Statcounter.  On this page Eset also gives no error or warning and when I check the network traffic there is nothing being loaded except Statcounter.

If Statcounter was hacked and inserting bad scripts I should see it on my end also since I have Eset installed.  But this is not the case.  So this clue tells us perhaps something else is going on.

Kind regards,
Rory
Statcounter Team

Link to comment
Share on other sites

Another reply from Statcounter on this situation:

 

Hi and thanks for your patience. I have installed Eset and visited your site and others where people say this problem happens. Eset gives me no warning or popup of any kind. Here is a screen shot showing me at your site with Eset open and all security features enabled:

(removed but it was an image of my website, and did not show any virus, etc)

I have also tested your site using the Google Safe Browsing tool and it reports no problems with your site or Statcounter. I have also tested your site in 2 other tools which do security checks and they report nothing. If you wish to double check my results here are the tools I used:

https://app.webinspector.com/

https://sitecheck.sucuri.net/results/https/www.(removed)

https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2F(removed)%2F

We will continue to investigate this and try to figure out why Eset was showing this warning. All things considered if there was a problem I should see the same Eset warning and the marlware checking sites should have reported something. However this is not the case.

Thanks for your patience!

 

Link to comment
Share on other sites

PS: I think they may have solved this now, and the pop up is not showing anymore.?

 

I spoke too soon, seems it is fixed on websites with Statcounter wordpress plugins, but not for websites that are using direct Statcounter html code!

 

Update: It now seems this has been fixed. A little strange though that a business the size of Statcounter, with millions of users,  were not aware of the situation, but hopefully that has now completely eradicated the problem.

 

Thank you to Eset, who I have used for years, and always been pleased with their product and service, and thank you to Statcounter for being open to investigation when situations like this arise. .

 

 

 

 

Edited by Steven-UK
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...