False positive on square enix site?

After accessing the site hXXp://square-enix.com and allowing scripts Avast found the following detections:

Sign of ‘‘HTML:Script-inf’’ has been found in ‘‘hXXp://na.square-enix.com/sitestratos/ss_finalfantasyxiiicom_fa.js’’ file.

Sign of ‘‘HTML:Script-inf’’ has been found in ‘‘hXXp://na.square-enix.com/sitestratos/ss_finalfantasyxiiicom.js’’ file.

Does this look like Avast detecting a false positive or is this likely a problem with my own computer as I can’t imagine there actually being a problem with the site?

Sorry if this has been mentioned before but I looked for the topic before posting this and couldn’t find anything.

Sites are getting hacked at a massive rate and avast has been very accurate in these detections in the past.
– Every 3.6 seconds a website is infected http://forum.avast.com/index.php?topic=47096.msg396648#msg396648.

How are you getting to the na. sub-domain? I don’t get any detection on the main site square-enix.com home page.

I can’t get to that URL; permissions issue for the /sitestratos/ area, presumably this is site stats (?).

I do manage to get far enough to get an alert by just going to the home page of the na. sub-domain (na.square-enix.com/) and checking the page the alert is on; there is a reference to a site considered malicious (see image), b35.info, see links below. This site is also on avast’s malicious site list, so that could well be a contributory factor.

http://www.malwaredomainlist.com/forums/index.php?topic=3184.0 and http://www.malwaredomainlist.com/forums/index.php?topic=3184.0

Yes, I don’t get any warning by opening hXXp://www.square-enix.com; even after I was directed to hXXp://www.square-enix.com/jpn/index.html, there was still no warning.

This is the exact address I followed: hXXp://na.square-enix.com/ff13/

I did not click on anything else. I was just alerted by Avast as soon as I landed on the page.

I think addict had asked regarding this site previously. Check the links I have posted in that topic: http://forum.avast.com/index.php?topic=46941.0 Now those things might have changed.

Exactly, david r, it is still there.

I don’t know why, but wepawet says this: http://wepawet.iseclab.org/view.php?hash=29a615aeb1f73a5da41daf41ca514a20&t=1253297160&type=js

hXXp://na.square-enix.com/sitestratos/ss_finalfantasyxiiicom_fa.js and hXXp://na.square-enix.com/sitestratos/ss_finalfantasyxiiicom.js both have the same content.

Yes the content of the .js file is identical to the image I posted trying to access the malicious site.

@ davidr

In reply #1, you have posted the link to malwaredomainlist twice.

http://www.malwaredomainlist.com/forums/index.php?topic=3184.0 and http://www.malwaredomainlist.com/forums/index.php?topic=3184.0

Did you want to insert some other link the second time?

No, it looks like my link to the WOT scorecard didn’t get copied in my copy and paste URL operation. It should have been, http://www.mywot.com/en/scorecard/b35.info.

So do you guys have any advice about what I should do? Did avast catch this before it could get onto my computer? Thanks for all your help so far.

Just delete all your browser cache, history, preferences - more than enough.

Yes, the avast web shield should have blocked it (the abort connection drops the detected item’s connection); clearing your browser cache is belt and braces.

belt and braces.

You may lose some saved passwords and form history…

Not by just clearing the browser cache which is all I suggested.

Form history and saved passwords are different again; personally I never have Firefox save passwords, trusting aren’t I (NOT).

It was for my post, sir…

Edit: my post includes history and preferences.

That is another typosquatter, as it does not equal the real website’s URL.

I understand typo squatting, but what are you saying is the correct URL?

The square-enix.com domain seems to be a legit games/entertainment domain name. Googling that domain brings up lots of hits; nothing in the first 50 hits to indicate the site isn’t legit ???