Jump to content

Possible false positive


Recommended Posts

www.texel.co.uk

 

No issues with Firefox or Chrome, but when visiting with IE11, ESET 6.2.2033 flags the site with JS/Kryptik.AYR trojan. Can anyone confirm (or otherwise) if this is a false positive please?

 

Many thanks

 

 

Jim

Link to comment
Share on other sites

  • Most Valued Members

i checked the link of the OP, the entire website is blocked only when using IE, on other browsers it's not blocked by eset.

Link to comment
Share on other sites

  • ESET Insiders

The java script in question is only triggered if Internet Explorer is detected (via the user agent) as the browser being used.

Link to comment
Share on other sites

  • Administrators

The java script in question is only triggered if Internet Explorer is detected (via the user agent) as the browser being used.

 

Right. The malicious script is injected only if certain conditions are met. I believe there are also other conditions than just a check for user-agent as I'm not always able to reproduce the detection with IE.

Link to comment
Share on other sites

My company is getting numerous hits in ERAS for endpoints hitting random sites with the exact same threat name "  JS/Kryptik.AYR Trojan ". All of these started triggering 2015-12-19. and has been everyday since.  We have not had any hits on this signature before.  Does anyone know what exactly  the script is trying to do?

 
hxxp://jaspersthewoodlands.com JS/Kryptik.AYR trojan

hxxp://lunkerquest.com/gallery/lunkers JS/Kryptik.AYR trojan

hxxp://wimberleyview.com/articles/sports JS/Kryptik.AYR trojan

hxxp://www.armaglock.com/product/armaglock JS/Kryptik.AYR trojan

hxxp://www.armaglock.com/shop JS/Kryptik.AYR trojan

hxxp://www.brotherskeepersmc.com JS/Kryptik.AYR trojan

hxxp://www.brotherskeepersmc.com/index.php/about-us JS/Kryptik.AYR trojan

hxxp://www.brotherskeepersmc.com/index.php/component/content JS/Kryptik.AYR trojan

hxxp://www.coldcreekranch.com JS/Kryptik.AYR trojan

hxxp://www.coldcreekranch.com/fallow.html JS/Kryptik.AYR trojan

hxxp://www.elnidoresorts.com JS/Kryptik.AYR trojan

hxxp://www.elnidoresorts.com/lagen-island JS/Kryptik.AYR trojan

hxxp://www.mamatrains.com JS/Kryptik.AYR trojan

hxxp://www.mamatrains.com/index.php/admissions-and-courses/deck-courses JS/Kryptik.AYR trojan

hxxp://www.norguard.com/fall-protection-products/rescue-systems/gotcha-kit JS/Kryptik.AYR trojan

hxxp://www.salononkirby.com JS/Kryptik.AYR trojan

hxxp://www.soeholmmarine.dk/en JS/Kryptik.AYR trojan

hxxp://www.webshellba.com/super-luxury-cars-future-best-wallpaper-hd-sjmgf/super-luxury-cars-future-best-wallpaper-hd-sjmgf-future-car-trends-for-desktop-car JS/Kryptik.AYR trojan

Edited by AdeptusMechanicus
removed links
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...