Ziceman 0 Posted November 1 Share Posted November 1 Hi All, It seems that ESET site blocking has become more sensitive during the past few weeks. Either that or the hacker activity has increased. We are getting several additional reports from our ESET customers that legitimate and frequently-visited web pages are triggered ESET threat alerts. The latest one is from a site from https://lowcostlifeinsurance.com Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 11/1/2023 11:01:34 AM;HTTP filter;file;https://lowcostlifeinsurance.com/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=5.2.1;JS/Agent.PHC trojan;connection terminated;LAPTOP-0RDIIQ2I\laura;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (469E259B884043AEDAC879A96356FB741F82DAA8).;14BBF351D2CA3AE54B537BC1AC8C25A758BCD2FD; Seems to be tied to this: https://lowcostlifeinsurance.com/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=5.2.1 Can anyone assist with confirmation on this before I have the client reach out to their web developer? Thanks! Stefan Quote Link to comment Share on other sites More sharing options...
itman 1,630 Posted November 1 Share Posted November 1 Web site is indeed infected with JavaScript malware: https://sitecheck.sucuri.net/results/https/lowcostlifeinsurance.com Quote Link to comment Share on other sites More sharing options...
Ziceman 0 Posted November 1 Author Share Posted November 1 Thank you for the Sucuri check recommendation. That second opinion helps. Is there any reason none of the engines (including ESET) flagged the URL at VirusTotal? Is it a different type of scanning technology that is used there? Some others also do not detect it: https://www.sitelock.com/free-website-scan/?domain=lowcostlifeinsurance.com https://securityscan.getastra.com/malware-scanner?site=https%3A%2F%2Flowcostlifeinsurance.com#results Seems in this case ESET is likely correct, but it is somewhat frustrating to not have more consensus tools. Quote Link to comment Share on other sites More sharing options...
itman 1,630 Posted November 1 Share Posted November 1 (edited) 2 hours ago, Ziceman said: Is there any reason none of the engines (including ESET) flagged the URL at VirusTotal? Is it a different type of scanning technology that is used there? Eset URL detection at VT is by blacklist status only. I can't speak for the other vendors there, but suspect the same applies. Edited November 1 by itman Quote Link to comment Share on other sites More sharing options...
itman 1,630 Posted November 1 Share Posted November 1 44 minutes ago, Ziceman said: but it is somewhat frustrating to not have more consensus tools. There are many web site scanners available. Most are not free. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.