false positive?

Discussion in 'ESET NOD32 Antivirus' started by Marshall39, Mar 14, 2010.

Thread Status:
Not open for further replies.
  1. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Hi,
    When I try to open Agnitum Outpost Firewall webpage I get this message from Nod32: HTML/Iframe.C.Gen virus
    Is it a false positive or really a virus?
    The website is agnitum.fr

    Thanks
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I visited the site in question and obtained the same detection as you.
    File submitted to ESET for analysis.
     
    Last edited: Mar 15, 2010
  3. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Hidden IFRAMEs are inserted after the end HTML tag.
    This is a technique used by hackers and malware writers and it is not expected to be seen in clean, legitimate pages. Unfortunately it seems the code was inserted there by the owners because it silently loads URLs from agnitum.com, agnitum.de, agnitum.ru.
    My colleagues will try to adjust this detection. We would appreciate it if legitimate web designers avoided such techniques in the future.
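
A defensive check for the pattern described in the post above, as an added example that is not part of the original thread and is not ESET's detection logic: it flags `<iframe>` tags that appear after the closing `</html>` tag and records whether each one is visually hidden. The class and function names, the hidden-frame heuristics and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles and sizes that make a frame invisible to the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class TrailingIframeFinder(HTMLParser):
    """Collect <iframe> tags that appear after the closing </html> tag."""

    def __init__(self):
        super().__init__()
        self.html_closed = False
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        # Frames inside the document proper are not this check's concern.
        if tag != "iframe" or not self.html_closed:
            return
        a = {k: (v or "").strip() for k, v in attrs}
        hidden = (
            a.get("width", "").lower() in TINY
            or a.get("height", "").lower() in TINY
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
        )
        self.findings.append({"src": a.get("src", ""), "hidden": hidden})

def find_trailing_iframes(markup):
    finder = TrailingIframeFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

# Constructed sample page; the example.test names are placeholders.
SAMPLE = """<html><body>
<iframe src="https://example.test/map" width="600" height="400"></iframe>
</body></html>
<iframe src="https://a.example.test/" width="0" height="0"></iframe>
<iframe src="https://b.example.test/" style="display: none"></iframe>
"""

if __name__ == "__main__":
    for finding in find_trailing_iframes(SAMPLE):
        print(finding)
```

Site owners can run a check like this over their own templates before publishing to find markup that heuristic scanners are likely to flag.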
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thank you for this information. The detection was either removed or Agnitum has removed the iFrame tag, at least at agnitum.fr.
     
  5. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Thank you for your reply :) I was also surprised that Agnitum would be hacked, but you never know... cheers
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    It's not that the Agnitum sites were hacked per se; the iFrame tag was causing the flag, although I do not know if it has been removed from all Agnitum country sites.

    Agnitum.fr (France) appears to have remedied this issue, for now.
     