Sites block

[abshakya 1]

Hello,

My developers team want to download to code from the following sites. But the Eset antivirus is blocking and notification with torjan alert. The download connection is terminate. May i know why the site is blacklisted.

hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.jar/data/url+page.200.txt

hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.jar

 

 

 

 

[Marcos 5,070]

The archive contains url+page.200.txt with a list of various urls and javascript code. There's also an obfuscated js which is detected. I wonder what is the purpose of the file and why it also contains obfuscated js.

[itman 1,659]

This appears to be a signature detection by Eset; JS/Kryptik.BP trojan. As such, it can be assumed the detected code in the archive download can be used for nefarious purposes.

[abshakya 1]

Hello,

Is there anything we can do. I have talked with my developer teams , the project is running on intellj. The file pom.xml redirect to the url 

1. hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.jar/data/url+page.200.txt 
2. hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.ja

This keep up generating alert notification. Can you look into this sites it is safe or not. If the sites is suspicious for trojan than I will blocked. I have also attached the pom.xml screenshot that redirect the url.

 

Edited September 3, 2020 by abshakya

[Marcos 5,070]

The detection is technically correct. It's an obfuscated redirector to a kind of pharmacy search which is detected. This is how it looks like after deobfuscation:

[itman 1,659]

I would ask conjars.org why this code exists in their provided Maven pom.xml file. It is possible they are not even aware of it.

[abshakya 1]

I will contact the conjars.org. Thank you for support.

Edited September 4, 2020 by abshakya