Ziceman, posted November 1, 2023

Hi All,

It seems that ESET site blocking has become more sensitive during the past few weeks. Either that or the hacker activity has increased. We are getting several additional reports from our ESET customers that legitimate and frequently-visited web pages are triggering ESET threat alerts.

The latest one is from a site from https://lowcostlifeinsurance.com

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
11/1/2023 11:01:34 AM;HTTP filter;file;https://lowcostlifeinsurance.com/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=5.2.1;JS/Agent.PHC trojan;connection terminated;LAPTOP-0RDIIQ2I\laura;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (469E259B884043AEDAC879A96356FB741F82DAA8).;14BBF351D2CA3AE54B537BC1AC8C25A758BCD2FD;

Seems to be tied to this: https://lowcostlifeinsurance.com/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=5.2.1

Can anyone assist with confirmation on this before I have the client reach out to their web developer?

Thanks!
Stefan
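For triaging several customer reports like the one in the post above, a small parser for that semicolon-separated detection-log layout can pull out the affected host, the WordPress component and the requesting process. This is an added example, not part of the thread; the sample row is constructed, with placeholder host, user and hashes, and the function and field names are assumptions.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Constructed sample in the same column layout as the log in the post above;
# host, user and both hashes are placeholders, not real indicators.
SAMPLE_LOG = (
    "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here\n"
    "11/1/2023 11:01:34 AM;HTTP filter;file;"
    "https://shop.example.test/wp-content/plugins/demo_plugin/assets/js/front.min.js?ver=1.0;"
    "JS/Agent.PHC trojan;connection terminated;HOST-01\\user;"
    "Event occurred during an attempt to access the web by the application: "
    "C:\\Program Files (x86)\\Browser\\browser.exe (" + "A" * 40 + ").;" + "B" * 40 + ";\n"
)

# The process path may itself contain parentheses ("Program Files (x86)"),
# so anchor on the 40-hex-digit hash that follows the path.
APP_RE = re.compile(r"by the application: (?P<path>.+?) \((?P<sha1>[0-9A-Fa-f]{40})\)")
PLUGIN_RE = re.compile(r"/wp-content/(?P<kind>plugins|themes)/(?P<slug>[^/]+)/")


def parse_detections(text):
    """Return one triage dict per detection row in an exported log."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        url = urlsplit(rec["Object"] or "")
        app = APP_RE.search(rec["Information"] or "")
        comp = PLUGIN_RE.search(url.path)
        rows.append({
            "time": rec["Time"],
            "host": url.hostname,
            "path": url.path,
            # Which plugin or theme directory served the flagged file, if any.
            "component": f"{comp['kind']}/{comp['slug']}" if comp else None,
            "detection": rec["Detection"],
            "action": rec["Action"],
            "object_sha1": rec["Hash"],
            "process": app["path"] if app else None,
            "process_sha1": app["sha1"] if app else None,
        })
    return rows


if __name__ == "__main__":
    for row in parse_detections(SAMPLE_LOG):
        print(row)
```

Grouping the returned rows by host and component shows whether repeated alerts trace back to the same plugin or theme directory on a site, which is the detail a web developer needs.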

itman, posted November 1, 2023

Web site is indeed infected with JavaScript malware: https://sitecheck.sucuri.net/results/https/lowcostlifeinsurance.com

Ziceman (author), posted November 1, 2023

Thank you for the Sucuri check recommendation. That second opinion helps.

Is there any reason none of the engines (including ESET) flagged the URL at VirusTotal? Is it a different type of scanning technology that is used there?

Some others also do not detect it:
https://www.sitelock.com/free-website-scan/?domain=lowcostlifeinsurance.com
https://securityscan.getastra.com/malware-scanner?site=https%3A%2F%2Flowcostlifeinsurance.com#results

Seems in this case ESET is likely correct, but it is somewhat frustrating to not have more consensus tools.

itman, posted November 1, 2023 (edited November 1, 2023 by itman)

2 hours ago, Ziceman said:
> Is there any reason none of the engines (including ESET) flagged the URL at VirusTotal? Is it a different type of scanning technology that is used there?

ESET URL detection at VT is by blacklist status only. I can't speak for the other vendors there, but suspect the same applies.

itman, posted November 1, 2023

44 minutes ago, Ziceman said:
> but it is somewhat frustrating to not have more consensus tools.

There are many web site scanners available. Most are not free.