Jump to content

Archived

This topic is now archived and is closed to further replies.

User

JS/ScrInject.B Trojaner detected on suvbsites of biggest German news site focus.de

Recommended Posts

We encounter the same error for all users of our society. 


On all web app used and google to 

Share this post


Link to post
Share on other sites

I am getting the Access to the web page was blocked. Threat: JS/ScrInject.B trojan message suddenly tonight on every link I attempt to click on with Facebook.  How is this remedied? 

Share this post


Link to post
Share on other sites

Same here

 

Multiple sites affected by this issue

 

Eset update your def files asap!

Share this post


Link to post
Share on other sites

Kudos to ESET for fixing this unfortunate FP quickly, and to those questioning how effective and secure the QA testing is e.g before they release the updates. Well, look at the track record of previous FP cases that affects all users that downloads/receive a particular VSD update and you'll find the answer. This was more of a very annoying than serious FP in that it affected the web protection and what websites users could access and so forth, compared to a much more serious situation if it would have affected the OS and potentially critical files that could end in a disaster for many users. And before the "you always defend ESET"-people jumps on me. I can clarify that I don't defend ESET or the FP. I just see it for what it is/was - in the sense that it could have been much worse.

 

"If the detections are triggered after update to 13103 or higher, they should be correct. If you are unsure if a particular detection is ok or not, report it to the ESET Malware Research Lab"

hxxp://support.eset.com/alert5879/

Share this post


Link to post
Share on other sites

Kudos to ESET for fixing this unfortunate FP quickly, and to those questioning how effective and secure the QA testing is e.g before they release the updates. Well, look at the track record of previous FP cases that affects all users that downloads/receive a particular VSD update and you'll find the answer. This was more of a very annoying than serious FP in that it affected the web protection and what websites users could access and so forth, compared to a much more serious situation if it would have affected the OS and potentially critical files that could end in a disaster for many users. And before the "you always defend ESET"-people jumps on me. I can clarify that I don't defend ESET or the FP. I just see it for what it is/was - in the sense that it could have been much worse.

 

In this case, the only way how to detect the FP during the pre-release QA tests would be by browsing websites using a specific java script as only web browsing was affected. The detection was triggered under certain non-deterministic circumstances and was an unfortunate coincidence of several things.

ESET pays attention to providing quality detection by using safe signatures, whitelisting critical files and performing pre-release QA tests.

Share this post


Link to post
Share on other sites

 

Kudos to ESET for fixing this unfortunate FP quickly, and to those questioning how effective and secure the QA testing is e.g before they release the updates. Well, look at the track record of previous FP cases that affects all users that downloads/receive a particular VSD update and you'll find the answer. This was more of a very annoying than serious FP in that it affected the web protection and what websites users could access and so forth, compared to a much more serious situation if it would have affected the OS and potentially critical files that could end in a disaster for many users. And before the "you always defend ESET"-people jumps on me. I can clarify that I don't defend ESET or the FP. I just see it for what it is/was - in the sense that it could have been much worse.

 

In this case, the only way how to detect the FP during the pre-release QA tests would be by browsing websites using a specific java script as only web browsing was affected. The detection was triggered under certain non-deterministic circumstances and was an unfortunate coincidence of several things.

ESET pays attention to providing quality detection by using safe signatures, whitelisting critical files and performing pre-release QA tests.

 

Yes, I know that ESET takes QA testing serious. But that may not be the case for all customers/users.

I had comments like the following in mind when I wrote "and to those questioning..."

 

"This also raises questions about how thoroughly ESET updates are tested before they are released!"

https://forum.eset.com/topic/7550-wrong-detection-website-infection-jsscrinjectb/?p=40746

 

P.S

Is there a Knowledge Base article about the Quality Assurance process ? At least I didn't find one right now when I looked. Just thinking it could be a good reference to have when FP situations like this happen so people can read about ESET's QA procedure that the VSD:s goes through before they are released - what the purpose is and why QA testing is very important.

Share this post


Link to post
Share on other sites

@Swex: This incident could be just an "annoying" FP, but this ocurred over what threat name?

As far as I know (and ironically), ScrInject and Phishing could be as simple as Autorun INF plain text?

Incidents like this makes me wonder if specific features like Exploit Blocker local mechanisms are enhanced with LiveGrid requests? . . .should enhance that precision and reduce any significant amount of affected users?

Share this post


Link to post
Share on other sites

I got the same JS/ScrInject.B Trojan warning on Fox News website.

 

If you are getting this detection with the virus signature db 13103 or newer (the most current is 13109), the detection should be ok.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...