Jump to content

Recommended Posts

NOD just popped an alert when accessing this commercial website

 www.paulswarehouse.com.au/storefront/storeincludes/js/floatcart.js and several other pages 

terminated connection and quarantined.

 

When checking this site via virustotal is comes clean including Eset.  I submitted this but just wonder why there is a difference in detection?

Link to post
Share on other sites

That sounds like an HTTP Scanner detection, it scans the website content and if a threat is found in a script or Ad etc.. the connection is terminated and the threat is quarantined, or blocked.

 

VirusTotal does not use HTTP Scanners afaik, they only use URL blacklists provided by the vendors I think. 

But if the whole website would have been blocked by ESET and you would have seen the "access denied" message, then VirusTotal would also show that ESET detected it like "Malware site" or similar wording.

Link to post
Share on other sites

thanks SweX - yes, that explanation makes sense and matches what I noticed. Access was possible but then a number of alerts popped up, preventing certain connections but not the homepage

Link to post
Share on other sites
  • Administrators

I confirm that the detection is correct, it's not a false positive. If the above mentioned detection is triggered, the website was compromised and a malicious java script is injected into the web page.

Link to post
Share on other sites
Guest doctorbee

i manage several websites and have a couple of them compromised. one was purely html and had malicious code inserted. the two sites running php had the following common PHP code in a randomly named file.

Edited by Marcos
Malicious code removed
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...