Author Topic: Suspicious Script  (Read 445 times)

Offline Mr. Avast

  • Jr. Member
  • **
  • Posts: 40
Suspicious Script
« on: November 24, 2021, 05:38:21 PM »
A suspicious adware related script is loaded on the site:
https://usersdrive.com/
Direct link to the script:
https://usersdrive.com/sw.js
Virustotal: https://www.virustotal.com/gui/file/b4d0636ff0f1dc289e603b054e769811676990ea4794419f61c8726daf1247bd/detection
The script is also detected by HTTPS scanners of ESET and Kaspersky's web protection module, which is not shown on Virustotal.
Kaspersky's detection:
https://opentip.kaspersky.com/b4d0636ff0f1dc289e603b054e769811676990ea4794419f61c8726daf1247bd/
Bitdefender created the signature after I submitted to them a couple of months ago.

Maybe Avast should detect it too by its HTTPS scanner.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33370
  • malware fighter
Re: Suspicious Script
« Reply #1 on: November 24, 2021, 10:32:36 PM »
It is a legit script that is abused by Razy malware malcreants to send malcreants statistics.

Re: https://coingeek.com/new-crypto-malware-versatile-extremely-dangerous/

Avast heuristics may detect this as a potential unwanted/unsafe application.

The site you mention is being blacklisted by McAfee's: https://sitecheck.sucuri.net/results/https/usersdrive.com/sw.js

File-sharing services like free usersdrive dot com should always be frowned upon. Free is not always free in the way you may think.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Mr. Avast

Re: Suspicious Script
« Reply #2 on: November 26, 2021, 12:10:17 PM »
Thanks for your input. Maybe Avast is not interested in adding any detection for it.

Offline polonus

Re: Suspicious Script
« Reply #3 on: November 26, 2021, 06:04:31 PM »
Hi Mr. Avast,

Cannot comment, really, because we all here are volunteers. We do not have influence in such respects.
It is for the Avast team to decide what definitions they will launch for genuine and also for heuristic detections.
Understandable, it is their product, their definitions....

Would be interesting to find what threat analyzing programs will come up with,
apart from what VT has to show us.

As long as JavaScript is around, since the days of Brendan Eich developing the language,
it has been a two-pointed sword in many respects.
I work with retire.js, node.js. It still stays a real can of worms, somewhat like what PHP is in the hands of many developers.

A script blocker of sorts like NoScript and uMatrix (alas now left by its developer, probably because of upcoming extension restrictions)
is a solution that always works against such threats (all of them, even those foreseeable in the future).

But end-users also have to reckon with what Big Tech and overseeing organizations have decided for us.
That's the world we live in. Have a good week.

polonus (volunteer third party cold recon website security analyst and website error-hunter)