Jump to content

JS/Agent.OZD false positive?

Eagle Rocket
 Share

Recommended Posts

Eagle Rocket

Eagle Rocket 0

Posted
Posted

On our staging server https://maxwellstagingsite.com/StagingGreen/ I keep getting ESET Smart Security results that there is a JS/Agent.OZD trojan, but on Sucuri it comes back as clean. 

I'm having trouble finding this malicious code. Where can I get error reports of the specific file location so I can remove it?

Thanks!

Link to comment
Share on other sites
itman

itman 1,629

Posted
Posted (edited)

The domain is blacklisted by Quttera and also URLhaus: https://quttera.com/detailed_report/maxwellstagingsite.com .

Note that a blacklisting status is as severe malware status as it gets.

-EDIT- Also, Quttera actually downloads whatever it can from a scanned web site versus Sucuri only scanning the web site.

Sucuri also shows domain is additionally blacklisted by McAfee: https://sitecheck.sucuri.net/results/https/maxwellstagingsite.com

Not appreciated is Eset now allows unrestricted access to this domain and noted URL.

Edited by itman
Link to comment
Share on other sites
  • ESET Insiders
NewbyUser

NewbyUser 72

Posted
  • ESET Insiders
Posted

Since it's blacklisted it isn't just Eset that the problem lies with. Isn't that what Smartscreen and Chrome Safe Browsing are supposed to block as well?

 

Link to comment
Share on other sites
itman

itman 1,629

Posted
Posted
33 minutes ago, NewbyUser said:

Isn't that what Smartscreen and Chrome Safe Browsing are supposed to block as well?

SmartScreen in Edge didn't block access to the website. I don't use Chrome but doubtful it would be blocked by it.

Assumed is Quttera, URLhaus, Sucrui, McAfee and possibly others blacklisted the site for content shown on the web site; deceptive, misleading, its downloads, etc.. Appears Eset doesn't care since it didn't even give it a PUA detection.

Link to comment
Share on other sites
  • ESET Insiders
NewbyUser

NewbyUser 72

Posted
  • ESET Insiders
Posted

Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content. The Google Chrome, Safari, Firefox, Vivaldi, and GNOME Web browsers use the lists from the Google Safe Browsing service for checking pages against potential threats.

Link to comment
Share on other sites
itman

itman 1,629

Posted
Posted
19 minutes ago, NewbyUser said:

Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content.

Note that none of that criteria apparently applies to this domain. 

Yes, I forgot that Firefox also uses Chrome Safe Browsing and no detection by FF is being shown for the domain in question.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,919

Posted
  • Administrators
Posted
2 hours ago, NewbyUser said:

Curious why this isn't detected by the Mac version. Windows malware is still supposed to be detected afaik.

It's not not Windows but Javascript malware. On Mac ESET does not perform SSL filtering, ie. the content of https websites is not scanned.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...