beethoven, Posted August 14, 2013

NOD just popped an alert when accessing this commercial website www.paulswarehouse.com.au/storefront/storeincludes/js/floatcart.js and several other pages terminated connection and quarantined. When checking this site via VirusTotal it comes clean, including ESET. I submitted this but just wonder why there is a difference in detection?
SweX, Posted August 14, 2013

That sounds like an HTTP Scanner detection. It scans the website content, and if a threat is found in a script or ad etc., the connection is terminated and the threat is quarantined or blocked. VirusTotal does not use HTTP Scanners afaik; they only use URL blacklists provided by the vendors, I think. But if the whole website had been blocked by ESET and you had seen the "access denied" message, then VirusTotal would also show that ESET detected it, like "Malware site" or similar wording.
beethoven (Author), Posted August 14, 2013

Thanks SweX - yes, that explanation makes sense and matches what I noticed. Access was possible but then a number of alerts popped up, preventing certain connections but not the homepage.
SweX, Posted August 14, 2013

You're welcome, beethoven.
Marcos (Administrators), Posted August 14, 2013

I confirm that the detection is correct; it's not a false positive. If the above-mentioned detection is triggered, the website was compromised and a malicious JavaScript is injected into the web page.
Guest doctorbee, Posted August 18, 2013 (edited)

I manage several websites and have a couple of them compromised. One was purely HTML and had malicious code inserted. The two sites running PHP had the following common PHP code in a randomly named file.

Edited May 11, 2016 by Marcos: Malicious code removed