Infected web page detected : GT:JS.Backdoor.2.D0DE3B58

Hi. I'm consistently getting a notification from BIS about the samples at
[*url removed by @Flexx*]
under the heading "Learning centre" (click "Explore!").
Infected web page detected
3 minutes ago
Feature:
Online Threat Prevention
We blocked this dangerous page for your protection:
[*url removed by @Flexx*]
Threat name: GT:JS.Backdoor.2.D0DE3B58
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.
Is this a real threat? I can understand the idea that maybe it's trying to do something to the browser that I might not prefer, but the "backdoor" naming of the threat makes it look more like a deliberate exploitation attempt to me. But if this is a legitimate site, then it can only be either a false positive or else they got hacked?
—DIVERSE
Comments
-
Hello.
Only the malware researchers at Bitdefender Labs can help you with the issue.
You should report the file(s) and/or the URL(s) as false positive to Bitdefender Labs here:
Regards.
0 -
Hi, Gjoksi.
Thanks for the tip.
Sorry if this is a naïve question, but how would I know if it's actually a false positive before I report it as a false positive?
Or do you think that my logic is good enough that because the website looks legitimate, then prima facie it may be a FP, so that's a reasonable basis to report it?
—DIVERSE
0 -
Hello again.
When visiting the site, this is what I get:
I'm not an IT expert, but I'm damn sure the site was hacked and is malicious.
If I were you, I would not visit it until the site is cleaned.
And that is the reason why I wrote "Only the malware researchers at Bitdefender Labs can help you" in my comment above.
Regards.
1 -
The detection is correct. It is a trojan downloader based on JavaScript.
Regards
OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)
1 -
@Gjoksi, in this scenario, you just copy all the text as it is, paste it in a notepad, and then scan the notepad file on VirusTotal to check for anything malicious, as I did above to get the VirusTotal link.
Regards
OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)
3