
JS/ScrInject.B Trojan detected on subsites of biggest German news site focus.de


I am getting the "Access to the web page was blocked. Threat: JS/ScrInject.B trojan" message suddenly tonight on every link I attempt to click on with Facebook. How is this remedied?


Kudos to ESET for fixing this unfortunate FP quickly, and to those questioning how effective and secure the QA testing is, e.g. before they release the updates. Well, look at the track record of previous FP cases that affect all users that download/receive a particular VSD update and you'll find the answer. This was more of a very annoying than a serious FP, in that it affected the web protection and what websites users could access and so forth, compared to a much more serious situation if it had affected the OS and potentially critical files, which could end in a disaster for many users. And before the "you always defend ESET" people jump on me, I can clarify that I don't defend ESET or the FP. I just see it for what it is/was - in the sense that it could have been much worse.

 

"If the detections are triggered after update to 13103 or higher, they should be correct. If you are unsure if a particular detection is ok or not, report it to the ESET Malware Research Lab"

hxxp://support.eset.com/alert5879/

Edited by SweX

  • Administrators


In this case, the only way to detect the FP during the pre-release QA tests would be by browsing websites using a specific JavaScript, as only web browsing was affected. The detection was triggered under certain non-deterministic circumstances and was an unfortunate coincidence of several things.

ESET pays attention to providing quality detection by using safe signatures, whitelisting critical files and performing pre-release QA tests.


Yes, I know that ESET takes QA testing seriously. But that may not be the case for all customers/users.

I had comments like the following in mind when I wrote "and to those questioning..."

 

"This also raises questions about how thoroughly ESET updates are tested before they are released!"

https://forum.eset.com/topic/7550-wrong-detection-website-infection-jsscrinjectb/?p=40746

 

P.S.

Is there a Knowledge Base article about the Quality Assurance process? At least I didn't find one right now when I looked. Just thinking it could be a good reference to have when FP situations like this happen, so people can read about ESET's QA procedure that the VSDs go through before they are released - what the purpose is and why QA testing is very important.

Edited by SweX

  • ESET Insiders

@Swex: This incident could be just an "annoying" FP, but this occurred over what threat name?

As far as I know (and ironically), ScrInject and Phishing could be as simple as Autorun INF plain text?

Incidents like this make me wonder if specific features like Exploit Blocker local mechanisms are enhanced with LiveGrid requests? ... should enhance that precision and reduce any significant amount of affected users?


  • Administrators

I got the same JS/ScrInject.B Trojan warning on Fox News website.

 

If you are getting this detection with the virus signature db 13103 or newer (the most current is 13109), the detection should be ok.
