
trojan JS/Kryptik.anQ



NOD just popped an alert when accessing this commercial website

 www.paulswarehouse.com.au/storefront/storeincludes/js/floatcart.js and several other pages 

terminated connection and quarantined.

 

When checking this site via VirusTotal it comes clean, including ESET. I submitted this but just wonder why there is a difference in detection?


That sounds like an HTTP Scanner detection. It scans the website content, and if a threat is found in a script or ad etc., the connection is terminated and the threat is quarantined or blocked.

 

VirusTotal does not use HTTP Scanners afaik, they only use URL blacklists provided by the vendors I think. 

But if the whole website would have been blocked by ESET and you would have seen the "access denied" message, then VirusTotal would also show that ESET detected it like "Malware site" or similar wording.


Thanks SweX - yes, that explanation makes sense and matches what I noticed. Access was possible but then a number of alerts popped up, preventing certain connections but not the homepage.


  • Administrators

I confirm that the detection is correct; it's not a false positive. If the above-mentioned detection is triggered, the website was compromised and a malicious JavaScript is injected into the web page.


Guest doctorbee

I manage several websites and have a couple of them compromised. One was purely HTML and had malicious code inserted. The two sites running PHP had the following common PHP code in a randomly named file.

Edited by Marcos
Malicious code removed

This topic is now closed to further replies.