abshakya, posted August 31, 2020:
Hello, my developer team wants to download code from the following sites, but the ESET antivirus is blocking it and showing a notification with a trojan alert. The download connection is terminated. May I know why the site is blacklisted?
hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.jar/data/url+page.200.txt
hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.jar
Marcos (Administrators), posted September 1, 2020:
The archive contains url+page.200.txt with a list of various URLs and JavaScript code. There's also an obfuscated JS which is detected. I wonder what is the purpose of the file and why it also contains obfuscated JS.
itman, posted September 1, 2020:
This appears to be a signature detection by Eset; JS/Kryptik.BP trojan. As such, it can be assumed the detected code in the archive download can be used for nefarious purposes.
abshakya (Author), posted September 3, 2020:
Hello, is there anything we can do? I have talked with my developer team; the project is running on IntelliJ. The file pom.xml redirects to the URL
hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.jar/data/url+page.200.txt
hxxp://conjars.org/repo/cascading/cascading-test/2.0.8/cascading-test-2.0.8.ja
This keeps generating alert notifications. Can you look into whether this site is safe or not? If the site is suspicious for a trojan, then I will block it. I have also attached the pom.xml screenshot that redirects to the URL.
Edited September 3, 2020 by abshakya
Marcos (Administrators), posted September 3, 2020:
The detection is technically correct. It's an obfuscated redirector to a kind of pharmacy search which is detected. This is what it looks like after deobfuscation:
itman, posted September 3, 2020:
I would ask conjars.org why this code exists in their provided Maven pom.xml file. It is possible they are not even aware of it.
abshakya (Author), posted September 4, 2020:
I will contact conjars.org. Thank you for the support.
Edited September 4, 2020 by abshakya