Trojan frontpage

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Trojan frontpage

    Detected at: 25/08/2021 09:32:35

    Web address: https://www.landlordzone.co.uk/

    Reason: object is infected HEUR:Trojan.Script.Generic


    This might be something the Admin might want to have a look at.

    #2
    (Not a mod here but I am elsewhere so I did a quick check).

    VirusTotal results give a clean bill from 89 scanning engines, including Kaspersky:
    https://www.virustotal.com/gui/url/0...7c95/detection

    You might want to check that your particular Kaspersky is up to date.

    Comment


      #3
      Thank you nukecad, it is of course up to date but I don't believe it would be relevant regardless.

      The fact that it's not being detected, it does not mean it's safe. I just refreshed the page and still get this:
      Detected at: 25/08/2021 12:48:25
      Web address: https://www.landlordzone.co.uk/
      Reason: object is infected HEUR:Trojan.Script.Generic

      This can be for a variety of reasons and might have different results for different people. It could be an ad for example which is displayed to a small portion of people.

      Up to yesterday, this did not happen and it's something that I spotted today in the morning.

      Comment


        #4
        You are correct that the website has been infected. I have just visited a page on landlordzone.co.uk and was redirected to update my chrome (it was all fake). Closed the tab and revisited landlordzone again and it hasn't reappeared. This is a classic hack whereby it only appears for certain visitors under certain circumstances, so as to remain undetected.

        If I do a scan with a proper website malware scanner, the website comes up infected: landlordzone.co.uk - SiteCheck (sucuri.net)

        Is there an email address for the administrators so that we can tell them about a problem with their website? They won't necessarily know about it otherwise.

        Comment


          #5
          Sucuri actually run the malware protection on this forum.

          So if they are finding it they should be blocking and cleaning it.

          Comment


            #6
            Yes, I also noticed that the landlordzone.co.uk main website is protected by the Sucuri web firewall. However, this simply blocks certain external attacks from occurring in the first place. It does not automatically clean an already infected website.
            Sucuri will send the administrator a site scan periodically, so providing someone actually reads the email, hopefully it will be noticed and they can action the cleanup.

            Comment


              #7
              I'll le someone know, but for future reference this kind of thread belongs in the 'How to use these forums' area, not exactly obvious
              I also post as Mars_Mug when not moderating

              Comment

              Latest Activity

              Collapse

              Working...
              X