HK_ Posted July 24, 2022

ESET detected the Scrinject.B trojan and blocked a website that I tried to access. I also scanned the site on other online scanning services and here is what I got:

Quttera's report: https://quttera.com/detailed_report/cryptodaily.co.uk
Virustotal's report: https://www.virustotal.com/gui/url/071d96526c8afdf19317d155e763dae81755272f1c16fe5168179a9d477ebd7f

The results are not in line with the ESET detection. Per Quttera's report, they didn't detect a trojan, and every detection is about this particular domain, doubleclick.net, which seems to be known as an ad-serving domain for many websites.

I would like to confirm whether the ESET detection is correct. Did the site really have a trojan file embedded, or did the site simply have a reference to the ad-serving domain in its code that was falsely detected as a trojan?

Marcos (Administrators) Posted July 24, 2022

If you are an owner of the website, please remove all references to finized.co.

HK_ (Author) Posted July 24, 2022

6 minutes ago, Marcos said: If you are an owner of the website, please remove all references to finized.co.

Thanks for the reply. No, I am not the owner of the website. And I'm not tech savvy enough, but where did finized.co come from? Are you saying that the detection was simply caused by the reference to the domain? i.e. no trojan? I am confused.

Marcos (Administrators) Posted July 24, 2022

2 hours ago, HK_ said: Thanks for the reply. No, I am not the owner of the website. And I'm not tech savvy enough, but where did finized.co come from?

That's a question for the owner of the website.

2 hours ago, HK_ said: Are you saying that the detection was simply caused by the reference to the domain? i.e. no trojan?

The site doesn't seem to serve any useful content. Moreover, malware was detected on it.

HK_ (Author) Posted July 24, 2022

56 minutes ago, Marcos said: That's a question for the owner of the website.

No, I meant how did you come to the fact that "the site has a reference to finized.co"? Does the Quttera report mention finized.co? https://quttera.com/detailed_report/cryptodaily.co.uk

Marcos (Administrators) Posted July 24, 2022

HK_ (Author) Posted July 24, 2022

5 minutes ago, Marcos said:

Uhhh.. Okay, do you mind elaborating a bit? (As I said, I'm not too technical.) I know this is a hex editor, but is this the malware itself or the website?

itman Posted July 24, 2022

9 hours ago, HK_ said: Quttera's report: https://quttera.com/detailed_report/cryptodaily.co.uk

Quttera detected 31 malicious files scattered throughout web site references, all having the same detection: "Detected reference to malicious blacklisted domain securepubads.g.doubleclick.net"

itman Posted July 24, 2022

Also, scumware.org detects malware on the web site, which is the basis for ESET's detection, I believe.

itman Posted July 24, 2022

I will also note that this web site can be accessed fine when using ESET if a good adblocker browser extension such as uBlock Origin is deployed. This is because the adblocker is preventing the malicious ad source from rendering, as shown in the below screen shot.

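For a site owner acting on the advice above to remove all references to a flagged domain, one way to find those references in a page's markup is sketched below. This is an added example, not code from ESET, Quttera or any poster in this thread; the sample HTML is constructed, and the names `FLAGGED`, `flagged_domain`, `RefScanner` and `scan` are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in this thread's reports; swap in your own blocklist (assumption).
FLAGGED = {"finized.co", "securepubads.g.doubleclick.net"}
URL_IN_TEXT = re.compile(r"""(?:https?:)?//[^\s"'<>)]+""")
# Constructed sample page, not the real site's markup.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.finized.co/loader.js"></script>
<script src="//securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
<link rel="stylesheet" href="/static/site.css"></head><body>
<img src="https://notfinized.co/banner.png">
<script>var s=document.createElement("script");s.src="https://finized.co/x.js";</script>
</body></html>"""

def flagged_domain(url, flagged=FLAGGED):
    """Return the flagged domain that url's host equals or is a subdomain of, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return next((d for d in flagged if host == d or host.endswith("." + d)), None)

class RefScanner(HTMLParser):
    """Records (line, where, url, domain) for each reference to a flagged domain."""
    def __init__(self):
        super().__init__()
        self.hits, self.in_script = [], False

    def _check(self, where, url):
        dom = flagged_domain(url)
        if dom:
            self.hits.append((self.getpos()[0], where, url, dom))

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:  # attributes that load or link external resources
            if name in ("src", "href", "data", "action") and value:
                self._check(f"<{tag} {name}>", value)

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # URLs written as literals inside inline JavaScript
            for url in URL_IN_TEXT.findall(data):
                self._check("inline script", url)

def scan(html):
    parser = RefScanner()
    parser.feed(html)
    parser.close()
    return parser.hits

if __name__ == "__main__":
    print(*scan(SAMPLE_HTML), sep="\n")
```

Matching on the parsed host name rather than on a substring keeps look-alike hosts such as notfinized.co out of the results while still catching subdomains. URLs that a script builds at run time from fragments or encoded strings will not appear in a static scan like this one.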