JS/ScrInject.B False positive?


Hello,

My Eset endpoint blocked a JS file. The detection name is "JS/ScrInject.B". This is the URL:

hxxps://www.ildiariodellavoro.it/wp-content/plugins/gshortcodes/assets/js/scripts.js?ver=6.1.1

The IT technicians who manage the website told me that the file is secure. Anyway, a lot of systems consider it dangerous. I tried using VirusTotal; some weeks ago only two engines found a security issue. Now four engines consider it malicious.

Can anyone help me? Is it really dangerous?

Thanks
 


Quttera states the URL associated with the web site is clean: https://quttera.com/detailed_report/www.ildiariodellavoro.it . However, reviewing the files it scanned, it did not scan the WP plug-in where Eset is detecting malicious code.

It appears some type of code injection is occurring on the web site or server. I would stick with Eset's determination that the web site contains malware.


5 minutes ago, Marcos said:

There is no such JS file:

Oops! Page Not Found.

It looks like nothing was found at this location.

You are right. So why did Eset give the alert for this file?


Just now, Marcos said:

Most likely the file has been removed in the meantime.

Maybe, but it should occur right now: using VirusTotal, the file is still considered dangerous. I re-submitted the check right now. Perhaps VirusTotal has it in its cache...

[Attachment: false positive.png]


  • Administrators

Above is not the file in question but it's a check if the website was blacklisted by particular AV vendors. It doesn't tell anything about possible malware being there at the time of the check.


11 minutes ago, Marcos said:

Above is not the file in question but it's a check if the website was blacklisted by particular AV vendors. It doesn't tell anything about possible malware being there at the time of the check.

Thank you


The malicious file is gone, but it's a half-solution since the file is still being referenced by all of the web sites on that domain. Lucky for you it is enough to avoid detection.


1 minute ago, Nevermind said:

The malicious file is gone, but it's a half-solution since the file is still being referenced by all of the web sites on that domain. Lucky for you it is enough to avoid detection.

I noticed... perhaps the webmaster is working on it to delete the references...
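
Added example, not part of the thread: one way a site owner could list the pages that still load the removed plugin script, so the leftover references mentioned in the last posts can be cleaned up. The host `www.example.test`, the page contents and all function names are constructed for illustration; only the plugin path and the `?ver=6.1.1` query string come from the URL in the first post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def normalize(url, base):
    """Resolve url against the page URL and drop the query string and
    fragment, so cache-busting suffixes such as ?ver=6.1.1 do not hide a match."""
    parts = urlsplit(urljoin(base, url))
    return (parts.netloc.lower(), parts.path)


def dangling_references(pages, removed_url):
    """Return {page_url: [raw src values]} for pages that still load removed_url."""
    target = normalize(removed_url, removed_url)
    hits = {}
    for page_url, html in pages.items():
        collector = ScriptSrcCollector()
        collector.feed(html)
        matched = [s for s in collector.sources if normalize(s, page_url) == target]
        if matched:
            hits[page_url] = matched
    return hits


# Constructed sample input: hypothetical host, saved page bodies held inline.
PLUGIN_JS = "/wp-content/plugins/gshortcodes/assets/js/scripts.js"
REMOVED = "https://www.example.test" + PLUGIN_JS
PAGES = {
    "https://www.example.test/": f'<script src="{PLUGIN_JS}?ver=6.1.1"></script>',
    "https://www.example.test/news/": f'<SCRIPT SRC="//www.example.test{PLUGIN_JS}?ver=6.1.1"></SCRIPT>',
    "https://www.example.test/about/": '<script src="/wp-includes/js/jquery/jquery.min.js"></script>',
}

if __name__ == "__main__":
    for page, srcs in dangling_references(PAGES, REMOVED).items():
        print(page, "->", srcs)
```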
