jimwillsher 65 Posted May 22, 2013 (edited)
Hi
One of the websites I manage links to this page: hxxp://www.360pix.co.uk/tours/ros scoproperties/grangelanetradepark/
If you open that page in Firefox, you get no warning. If you open it in IE10, the page is blocked with a "JS/Iframe.IB trojan" warning. If you close the IE10 browser, re-open it, and visit the same page, it plays fine with no warning.
EAVBE 5.0.2126.0, defs 8362.
Is it a rogue message showing in IE10? Or is there a reason why Firefox isn't detecting it?
Many thanks
Jim
EDIT Oops, wrong forum. Should be in the EAVBE / Endpoint forum.
Edited May 22, 2013 by Marcos
Administrators Marcos 5,242 Posted May 22, 2013
Look at the first line of the html code, it most likely contains a malicious script with an iframe.
jimwillsher 65 Posted May 23, 2013 Author
Thanks Marcos. But why would ESET not trigger any error when the page is viewed from Firefox, only from IE?
Jim
Administrators Marcos 5,242 Posted May 23, 2013
> Thanks Marcos. But why would ESET not trigger any error when the page is viewed from Firefox, only from IE? Jim
Script malware is often injected only if certain conditions are met, e.g. if a specific browser is used.
webyourbusiness 4 Posted June 4, 2013
You can generally test these types of things yourself if you have access to a Linux box and the command line "wget":
First a standard "wget":

    [testuser@testbox test]# wget hxxp://www.360pix.co.uk/tours/ros scoproperties/grangelanetradepark/
    --2013-06-04 05:29:33-- hxxp://www.360pix.co.uk/tours/ros
    Resolving www.360pix.co.uk... 109.228.26.6
    Connecting to www.360pix.co.uk|109.228.26.6|:80... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2013-06-04 05:29:34 ERROR 404: Not Found.
    --2013-06-04 05:29:34-- hxxp://scoproperties/grangelanetradepark/
    Resolving scoproperties... failed: Name or service not known.
    wget: unable to resolve host address `scoproperties'
    [testuser@testbox test]#

Note how even a standard wget command is immediately redirected to a domain that is invalid - that's a really big sign that something is amiss.
Next, if the file was downloaded, I would view the source - and if the source revealed nothing (which it did not here) - then I would run a couple of wget commands with different user-agent strings - if the file doesn't redirect and fail (they rarely do) - examining the resulting HTML file that downloads often yields a JavaScript or iframe embedded into the site code.
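
The user-agent comparison described in the post above, written out as an added example that is not part of the original thread: it fetches a page as two browsers with wget and lists the iframe and script tags that only the second response contains. The function names and the two sample User-Agent strings are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: compare the active tags a page serves to two User-Agent strings.
# Function names and the sample UA strings below are assumptions, not from the thread.

UA_FIREFOX='Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0'
UA_IE10='Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)'

# Save URL $1 to file $3 while presenting User-Agent $2 (wget does not run scripts).
fetch_as() {
    wget --quiet --user-agent="$2" --output-document="$3" "$1"
}

# List each distinct <iframe ...> or <script ...> opening tag in file $1.
# Newlines are flattened first so tags split across lines are still matched.
list_active_tags() {
    tr '\n' ' ' < "$1" | grep -oiE '<(iframe|script)[^>]*>' | LC_ALL=C sort -u
}

# Print the tags that appear in file $2 but not in file $1.
tags_only_in_second() {
    _a=$(mktemp); _b=$(mktemp)
    list_active_tags "$1" > "$_a"
    list_active_tags "$2" > "$_b"
    LC_ALL=C comm -13 "$_a" "$_b"
    rm -f "$_a" "$_b"
}

# Fetch URL $1 as both browsers and report what only the IE10 request received.
compare_url() {
    _dir=$(mktemp -d)
    fetch_as "$1" "$UA_FIREFOX" "$_dir/firefox.html"
    fetch_as "$1" "$UA_IE10" "$_dir/ie10.html"
    echo "Tags served only to the IE10 User-Agent:"
    tags_only_in_second "$_dir/firefox.html" "$_dir/ie10.html"
    rm -rf "$_dir"
}

# Run only when a URL is given on the command line.
if [ "$#" -gt 0 ]; then
    compare_url "$1"
fi
```

Dynamic pages can differ between any two requests, so compare two fetches made with the same User-Agent first to see how much the page varies on its own.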