Sunday, July 1, 2007

Hotmail has javascript trojan?

Hotmail contains trojan? One of the javascript loaded in Hotmail was identified as JS/Tivso.14a.gen trojan by NOD32. I think it only happens after NOD32 was updated to virus signature 2365 that released on 30th June. Strange thing is it detects nothing when using Firefox to open the website, but when I tried with IE, after few clicks on the left side menu, NOD32 shown alert when the javascript was loaded. Is it really a threat or NOD32 is just too sensitive?



UPDATE:
It was a false positive, there was a bug
in virus signature 2365, problem fixed after updated to virus signature 2366(1st July) that just released.

UPDATE:
According to ESET, false positive was not totally solved, the generic signature covering JS/Tivso.13a.gen also would generate a false positive. Misdetection solved after virus signature 2368 was released. Details at ESET Threat Center Blog.

9 comments:

Anonymous said...

yeah, I have the same problem when I try to open www.imageshack.us and some other foreign web pages.

Anonymous said...

I saw the same thing on a banner ad on mail.yahoo.com.

Anonymous said...

Same thing happens to me when I load Fark.com on IE, Firefox causes no problem. It just started today.

Anonymous said...

same prob as when i hit Ve3d.com
nod32 gave me a trojan alert and i cleaned it.
norton trial detected nothing, nor did Trend alert....odd?

Anonymous said...

eyeblaster ign/burstingcachedscripsts/edbannermain
nod32 info;

Anonymous said...

same thing on yahoo mail

now apears a thing "generic host process for win32..."

Anonymous said...

I've also just recieved a banner advert trying to load the same javascript file, infected with JS/Tivso.14a.gen trojan.

not from hotmail, but from www.runescape.com

Anonymous said...

The same happende to ma, and im using firefox

Siang said...

Alert appears on too many website, it should be a false positive. Firefox was not affected probably because of adblock or noscript was in use and it done a good job.