object HEUR:Trojan.Script.Balada.gen ?

February 1

Good evening, I have detected the same message on the following page from a client who coincidentally received the same alert today. Can you help me validate if the page is infected or is a false positive?
https : //revistamujeractual.com/ → ! This infected link is disabled !

February 1

@durbqw Welcome.

I reported your URL to Kaspersky Virus Lab , please wait for the verdict.

February 2

@Berny Will there be any update?

February 2

@durbqw

It looks like your issue is still under investigation.
I will come back to you when the verdict is available.

February 2

@durbqw

In the meantime please see below the verdict that i just obtained from Kaspersky Virus Lab.

Quote

"Hello,

This is not a false alarm. This site is infected.
Here is the malicious code:
<...>{if (e.detail.popupId == "3823") {var uexbsh/ <...>
If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

Best regards, Xxxxxxxx Xxxxxxxx , Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700"

EDIT

↓ Please see malicious script ↓

Spoiler

February 2

@Berny

Thank you so much

object HEUR:Trojan.Script.Balada.gen ?

Recommended Posts

durbqw

Berny

durbqw

Berny

Berny

durbqw

Please sign in to comment

Forum

Products

Support

Personal Account