I’ve seen a few false positives with BitDefender for random Lemmy instances too. It might be the heuristics being triggered by the random URL names, but it’s also possible there were random exploits like the XSS vulnerability that were caught by some antivirus apps. Considering Lemmy is still a juicy target for bad actors, some precaution is probably warranted.
In general I’d look closely at the specific detection to make sure it’s not flagging a suspicious JS file, etc.
Because the site is behind a login, you would have to upload the JS files individually to VirusTotal. However, there are no trojans that can affect you from visiting a website. Browsers have sandboxing to prevent that. What web threats usually do is steal keystrokes, serve ads, phish banking sites, etc. To get infected by a trojan you would have to download a file and execute it.
Actually, drive-by JS attacks and JavaScript engine exploits happen occasionally and have been known to bypass browser sandboxes. In these cases the infection is completely invisible to the user and requires no downloads or execution of files.
Yeah, you’re right. But browser zero days are usually targeted attacks, not casting a large net like the usual web threat. Thanks for the link, it was interesting to learn some more techniques that are used in developing those. In this case the threat detected was Go-based ransomware.
VirusTotal doesn’t show any infections for that url.
It’s an IP hit, not DNS
https://www.virustotal.com/gui/ip-address/80.78.22.88/community
The Trojan mention is worrying, though. Does it provide any more details about what it’s flagging?