Guest Mridul Jr Posted September 5, 2021

Hi, I have a banking website in my country named Standard Bank. Before entering the web, I checked it with VT but the result was clean. Then, when I entered the web, ESET detected a threat. Kindly let me know about the website and about the threat also. And is my computer safe now after the action taken by ESET?

Website: hxxps://standardbankbd.com
Threat detected by ESET: PHP/Webshell.NES trojan
Action taken by ESET: connection terminated

Thank you.

itman Posted September 5, 2021 (edited)

Hard to say on this one if Eset is detecting a false positive or not. The below screen shot scan by Sucuri web site scanner notes outdated PHP software is being used. This could indicate that it is exploitable. However, Sucuri did not detect any malware on the web site:

An additional web site scan using Quttera's web site scanner found no malware on the web site.

It is possible that malware injection is occurring upon direct access to the web site but the malware is smart enough not to trigger when it detects the site is externally being scanned.

Edited September 6, 2021 by itman

Guest Mridul Jr Posted September 6, 2021

object address: hxxps://www.standardbankbd.com/Content/Images/Events/2.php.jpg

Kindly investigate the object address detected by ESET. By the way, when I was writing this reply, I needed to copy-paste the detected object address. But wow! When I just pasted the link, ESET detected a threat in my browser although I haven't even opened the link, just copy-pasted. Kindly investigate the full matter. And please let me know if ESET cleans the threat fully.

Thanks again

Guest Mridul Jr Posted September 6, 2021

5 minutes ago, Guest Mridul Jr said:
> object address: hxxps://www.standardbankbd.com/Content/Images/Events/2.php.jpg

Recently I have scanned the object address with VT and 2 engines detected it as malicious (Sophos, Comodo Valkyrie Verdict) but ESET didn't detect anything.

itman Posted September 6, 2021

17 hours ago, Guest Mridul Jr said:
> Recently I have scanned the object address with VT and 2 engines detected it as malicious (Sophos, Comodo Valkyrie Verdict) but ESET didn't detect anything.

At best, VT results should be used as a rough approximation of status of what is being submitted. The reason why is given in this article: https://www.virusbulletin.com/uploads/pdf/magazine/2017/VB2017-Abrams.pdf

To summarize, the products used at VT do not contain all features available for any given product.

Marcos (Administrators) Posted September 7, 2021

The php script is indeed malicious and some other AVs detect it as well.
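
For a site owner following up on a detection like the one in this thread, a server-side check of the image directories can find files such as `2.php.jpg` that external scanners did not flag. The sketch below is an added example, not part of the original thread and not ESET's detection logic; the extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
SCRIPT_EXTS = {"php", "phtml", "php5", "phar"}
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)

def check_file(path):
    """Return reasons why an image-named file looks like a hidden script."""
    parts = os.path.basename(path).lower().split(".")
    if len(parts) < 2 or parts[-1] not in IMAGE_EXTS:
        return []  # only image-named files are examined
    reasons = []
    if SCRIPT_EXTS.intersection(parts[1:-1]):  # e.g. "2.php.jpg"
        reasons.append("double-extension")
    with open(path, "rb") as fh:
        if PHP_TAG.search(fh.read(1024 * 1024)):  # first 1 MiB only
            reasons.append("php-tag")
    return reasons

def scan_tree(root):
    """Map relative path -> reasons for every flagged file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = check_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample files; not taken from the site in the thread."""
    events = os.path.join(root, "Content", "Images", "Events")
    os.makedirs(events)
    samples = {
        "1.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,          # plain JPEG header
        "2.php.jpg": b"<?php /* placeholder */ ?>",           # script named as image
        "3.jpg": b"\xff\xd8\xff\xe0<?php /* appended */ ?>",  # script inside image
    }
    for name, body in samples.items():
        with open(os.path.join(events, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, why in sorted(scan_tree(tmp).items()):
            print(rel, why)
```

A flagged file is a lead for manual review rather than a verdict: the tag check can also match harmless text embedded in image metadata.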