TheESETuserTHATis 0 Posted December 14, 2021 Share Posted December 14, 2021 Our users are trying to access https://sourceone.nazdar.com/ but are getting message ..: Threat found JS/Spy.Banker.KF trojan If I run a virus total scan on the address https://www.virustotal.com/gui/url/5ee09f717ea29df9a0d87c1fd884cae447b8f10bd952500faa3456c727106e34/detection it comes up clean with all services except Quttera. But if I go to the Quttera site and run a scan on that address, it comes up clean. Can you determine if the threat is still active, and then either unblock them if the threat is not active or let us know specifically the infected file path so that we can contact the site owners to have them remove the threat? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted December 14, 2021 Administrators Share Posted December 14, 2021 The website was compromised. Searching for "<style onload="var s = document.createElement('script');" should help you locate the malicious code. Link to comment Share on other sites More sharing options...
Recommended Posts