Malware message on a website

Hello,

I have a malware/virus warning for my website: “JS:includer-ZG[trj]”. What can be the solution?

I’m using the free version of Avast on Mac.
My website is www.supairball.com

https://sitecheck.sucuri.net/results/www.supairball.com
Status: Infected With Malware. Immediate Action is Required.

Malware site in Yandex Safebrowsing

Waiting for your help :slight_smile:

Malware entry: MW:JS:150 >> http://labs.sucuri.net/db/malware/malware-entry-mwjs150?v28

There is a JavaScript that contains a blacklisted URL

see here >> https://virustotal.com/en/url/8056d4d2b01292f5289518b1a9495778f987364a9d60bc4c4713ba5c830cef0b/analysis/1481810948/

Hello,
Thanks for your reply.
Is the call to this URL done in an encrypted way? I do not find the URL in any of the JS files.

Next to the malicious script, this also needs to be taken care of:
http://retire.insecurity.today/#!/scan/48f5b5103b40e6d908944dfaf7f5a9e6a88275f00910c2de460472a858a7977c

Post a screenshot of the Avast message so we can see exactly what Avast detects.

Hello Eddy,
Thanks for your reply,
I found this information:

Detected libraries:
jquery - 1.11.3 : (active1) https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.11.1 : http://www.supairball.com/js/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Do I have to replace the files?

Yes, you need to use the latest jQuery version.

And there are some more ways of improving on that website’s security status:
https://observatory.mozilla.org/analyze.html?host=www.supairball.com
61 blacklisted external links: https://quttera.com/detailed_report/www.supairball.com

Site also blacklisted by Yandex: https://yandex.com/infected?l10n=en&url=www.supairball.com
DOM-XSS vuln: Results from scanning URL: -http://www.supairball.com/js/jquery.tosrus.js
Number of sources found: 43
Number of sinks found: 19

Error in that code:

line:4: SyntaxError: missing ) in parenthetical:
error: line:4: ment;return b?"HTML"!==b.nodeName:!1},m=fb.setDocument=function(a){var b,e=a?a.ownerDocument||a:v,g=e.defaultView;return e!==n&&9===e.nodeType&&e.documentElement?(n=e,o=e.documentElement,p=!f(e),g&&g!==g.top&&(g.addEventListener?g.addEventListener("un
error: line:4: …^
…a good rule to solve braces problem, the first thing would be to use a Find-Replace to count the number of opening and closing braces and whether they match or not. If they don’t, you can use any good editor (that highlights the matching brackets when you put the cursor over a bracket) and search for ‘(’ and ‘{’ and see whether the matching bracket highlighted is the one you intended or not. Info credits go to StackOverflow’s Rafid

polonus (volunteer website security analyst and website error-hunter)
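
The bracket-matching check described in the post above, as an added example that is not part of the original thread: it reports where the first unmatched bracket sits instead of only counting totals. The names `findBracketProblem` and `locate` are hypothetical, the sample inputs are constructed, and the checker assumes no regex literals and treats template literals as opaque strings.

```javascript
// Added example: locate the first unbalanced bracket in JavaScript source.
// Brackets inside string literals and comments are ignored.
// Assumption: regex literals and ${...} inside template literals are not parsed.
const CLOSERS = { ')': '(', ']': '[', '}': '{' };
const OPENERS = '([{';

// Convert a string offset to a 1-based line and column.
function locate(src, idx) {
  const before = src.slice(0, idx).split('\n');
  return { line: before.length, col: before[before.length - 1].length + 1 };
}

// Return null when balanced, otherwise a description of the first problem.
function findBracketProblem(src) {
  const stack = []; // offsets of openers still waiting for their closer
  for (let i = 0; i < src.length; i++) {
    const ch = src[i];
    if (ch === '/' && src[i + 1] === '/') {              // line comment
      const nl = src.indexOf('\n', i);
      i = nl === -1 ? src.length : nl;
    } else if (ch === '/' && src[i + 1] === '*') {       // block comment
      const end = src.indexOf('*/', i + 2);
      i = end === -1 ? src.length : end + 1;
    } else if (ch === '"' || ch === "'" || ch === '`') { // string literal
      for (i++; i < src.length && src[i] !== ch; i++) {
        if (src[i] === '\\') i++;                        // skip escaped character
      }
    } else if (OPENERS.includes(ch)) {
      stack.push(i);
    } else if (ch in CLOSERS) {
      const open = stack.pop();
      if (open === undefined) {
        return { kind: 'unexpected-closer', char: ch, ...locate(src, i) };
      }
      if (src[open] !== CLOSERS[ch]) {
        return { kind: 'mismatch', char: ch, opener: src[open],
                 openerAt: locate(src, open), ...locate(src, i) };
      }
    }
  }
  if (stack.length > 0) {
    const open = stack[stack.length - 1];
    return { kind: 'unclosed', char: src[open], ...locate(src, open) };
  }
  return null;
}

// Constructed samples: one balanced, one with a missing ")" on line 2.
const SAMPLE_OK = 'function f(a){ var s = ")"; /* ( */ return [a, s]; } // {';
const SAMPLE_BAD = 'function g(a){\n  if (a && (a.top !== a {\n    return 1;\n  }\n}';
```

On a minified file everything sits on one line, so the column of the reported opener is the useful part of the result.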

Hello Eddy,
I replaced the jQuery files with the latest versions, and I still have the same problem.
Some help please :frowning:
Thanks

We cannot help you with that as it depends on blacklisting status and eventual blocking.
We here are just volunteers with relevant knowledge, but only Avast Team Members can unblock.
For other blacklisting you have to address the party that has blacklisted your site
and ask whether you could be taken off of that blacklist.

polonus