TheESETuserTHATis 0 Posted December 14, 2021 Posted December 14, 2021 Our users are trying to access https://sourceone.nazdar.com/ but are getting message ..: Threat found JS/Spy.Banker.KF trojan If I run a virus total scan on the address https://www.virustotal.com/gui/url/5ee09f717ea29df9a0d87c1fd884cae447b8f10bd952500faa3456c727106e34/detection it comes up clean with all services except Quttera. But if I go to the Quttera site and run a scan on that address, it comes up clean. Can you determine if the threat is still active, and then either unblock them if the threat is not active or let us know specifically the infected file path so that we can contact the site owners to have them remove the threat?
Administrators Marcos 5,468 Posted December 14, 2021 Administrators Posted December 14, 2021 The website was compromised. Searching for "<style onload="var s = document.createElement('script');" should help you locate the malicious code.
Recommended Posts