Eagle Rocket, posted August 18, 2021:
On our staging server https://maxwellstagingsite.com/StagingGreen/ I keep getting ESET Smart Security results that there is a JS/Agent.OZD trojan, but on Sucuri it comes back as clean. I'm having trouble finding this malicious code. Where can I get error reports of the specific file location so I can remove it? Thanks!

Marcos (Administrators), posted August 18, 2021:
The detection is correct. However, it looks like the website has already been cleaned.

itman, posted August 18, 2021 (edited):
The domain is blacklisted by Quttera and also URLhaus: https://quttera.com/detailed_report/maxwellstagingsite.com. Note that a blacklisting status is as severe a malware status as it gets.
-EDIT- Also, Quttera actually downloads whatever it can from a scanned web site versus Sucuri only scanning the web site. Sucuri also shows the domain is additionally blacklisted by McAfee: https://sitecheck.sucuri.net/results/https/maxwellstagingsite.com
Not appreciated is ESET now allows unrestricted access to this domain and noted URL.
Edited August 18, 2021 by itman

NewbyUser (ESET Insiders), posted August 18, 2021:
Since it's blacklisted, it isn't just ESET that the problem lies with. Isn't that what SmartScreen and Chrome Safe Browsing are supposed to block as well?

itman, posted August 18, 2021:
33 minutes ago, NewbyUser said:
> Isn't that what Smartscreen and Chrome Safe Browsing are supposed to block as well?
SmartScreen in Edge didn't block access to the website. I don't use Chrome but doubtful it would be blocked by it.
Assumed is Quttera, URLhaus, Sucuri, McAfee and possibly others blacklisted the site for content shown on the web site; deceptive, misleading, its downloads, etc. Appears ESET doesn't care since it didn't even give it a PUA detection.

NewbyUser (ESET Insiders), posted August 18, 2021:
Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content. The Google Chrome, Safari, Firefox, Vivaldi, and GNOME Web browsers use the lists from the Google Safe Browsing service for checking pages against potential threats.

itman, posted August 18, 2021:
19 minutes ago, NewbyUser said:
> Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content.
Note that none of those criteria apparently apply to this domain.
Yes, I forgot that Firefox also uses Chrome Safe Browsing and no detection by FF is being shown for the domain in question.

NewbyUser (ESET Insiders), posted August 19, 2021:
Suddenly this detection is appearing everywhere.

NewbyUser (ESET Insiders), posted August 19, 2021:
Curious why this isn't detected by the Mac version. Windows malware is still supposed to be detected afaik.

Marcos (Administrators), posted August 19, 2021:
2 hours ago, NewbyUser said:
> Curious why this isn't detected by the Mac version. Windows malware is still supposed to be detected afaik.
It's not Windows but JavaScript malware. On Mac ESET does not perform SSL filtering, i.e. the content of https websites is not scanned.

NewbyUser (ESET Insiders), posted August 19, 2021:
Thanks @Marcos

itman, posted August 19, 2021:
11 hours ago, NewbyUser said:
> Suddenly this detection is appearing everywhere.
Web site is definitely infected: https://sitecheck.sucuri.net/results/extremetech.com

Marcos (Administrators), posted August 19, 2021:
11 minutes ago, itman said:
> Web site is definitely infected: https://sitecheck.sucuri.net/results/extremetech.com
Undoubtedly infected:

NewbyUser (ESET Insiders), posted August 19, 2021:
Wasn’t questioning the detection. Commenting that it’s appearing quite frequently.