JS/ScrInject.B False positive?


Hello,

My Eset endpoint blocked a js file. The detection name is "JS/ScrInject.B". This is the URL:

hxxps://www.ildiariodellavoro.it/wp-content/plugins/gshortcodes/assets/js/scripts.js?ver=6.1.1

The IT technicians that manage the website told me that the file is secure. Anyway, a lot of systems consider it dangerous. I tried using VirusTotal; some weeks ago only two engines found a security issue. Now four engines consider it malicious.

Can anyone help me? Is it really dangerous?

Thanks
 


Quttera states the URL associated with the web site is clean: https://quttera.com/detailed_report/www.ildiariodellavoro.it . However, reviewing the files it scanned, it did not scan the WP plug-in where Eset is detecting malicious code.

It appears some type of code injection is occurring on the web site or server. I would stick with Eset's determination that the web site contains malware.


  • Administrators

There is no such js file:

Oops! Page Not Found.

It looks like nothing was found at this location.


5 minutes ago, Marcos said:

There is no such js file:

Oops! Page Not Found.

It looks like nothing was found at this location.

You are right. So why did Eset give the alert for this file?


Just now, Marcos said:

Most likely the file has been removed in the meantime.

Maybe, but it should have occurred just now: using VirusTotal, the file is still considered dangerous. I re-submitted the check just now. Perhaps VirusTotal has it in its cache...

false positive.png


  • Administrators

Above is not the file in question but it's a check if the website was blacklisted by particular AV vendors. It doesn't tell anything about possible malware being there at the time of the check.


11 minutes ago, Marcos said:

Above is not the file in question but it's a check if the website was blacklisted by particular AV vendors. It doesn't tell anything about possible malware being there at the time of the check.

Thank you


The malicious file is gone, but it's a half-solution since the file is still being referenced by all of the web sites on that domain. Lucky for you, it is enough to avoid detection.


1 minute ago, Nevermind said:

The malicious file is gone, but it's a half-solution since the file is still being referenced by all of the web sites on that domain. Lucky for you, it is enough to avoid detection.

I noticed... perhaps the webmaster is working on it to delete the references...

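The last posts note that pages on the domain still reference the removed script. One way a webmaster could list those leftover references is sketched below; it is an added example, not code from the thread, and the host `www.example.test`, the function and class names, and the sample pages are assumptions constructed for illustration (only the script path comes from the URL in the first post).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Path of the removed script, from the URL in the first post (query string dropped).
REMOVED_PATH = "/wp-content/plugins/gshortcodes/assets/js/scripts.js"
SITE_HOST = "www.example.test"  # assumption: placeholder for the site's own host


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def dangling_references(pages):
    """Map page URL -> script URLs that still point at the removed file.

    Relative src values are resolved against the page URL, and the query
    string (such as ?ver=6.1.1) is ignored when comparing paths.
    """
    hits = {}
    for page_url, html in pages.items():
        collector = ScriptSrcCollector()
        collector.feed(html)
        collector.close()
        for src in collector.sources:
            parts = urlsplit(urljoin(page_url, src))
            if parts.hostname == SITE_HOST and parts.path == REMOVED_PATH:
                hits.setdefault(page_url, []).append(parts.geturl())
    return hits


# Constructed sample pages, not captured from the real site.
SAMPLE_PAGES = {
    "https://www.example.test/":
        '<script src="/wp-content/plugins/gshortcodes/assets/js/scripts.js?ver=6.1.1"></script>',
    "https://www.example.test/news/article-1/":
        '<script src="../../wp-content/plugins/gshortcodes/assets/js/scripts.js"></script>',
    "https://www.example.test/contact/":
        '<script src="/wp-includes/js/jquery/jquery.min.js"></script>',
}

if __name__ == "__main__":
    for page, refs in dangling_references(SAMPLE_PAGES).items():
        print(page, "->", refs)
```

Pages reported here still request the deleted file on every load, so the references should be removed from the theme or plugin templates that emit them.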
