[clamav-users] jquery-1.2.6.pack.js is now a Win.Trojan.Agent-1430626
Raphaël
raphael.droz at gmail.com
Thu Jun 2 04:41:29 UTC 2016
Hi,
One of my teammate recently got notified about (more) trojans since the 21640 update
http://lists.clamav.net/pipermail/clamav-virusdb/2016-May/002964.html
A derivated version of jquery-1.2.6.pack.js now matches a known signature:
# download original JQ
$ wget http://code.jquery.com/jquery-1.2.6.pack.js
# play with whitespace to match SVN raw file
$ sed -r -e 1i$'\x0a' -e '/Date:|Rev:/s/ \$$//' -e '/Date:|Rev:/s/\$//' jquery-1.2.6.pack.js > jquery-1.2.6.pack.mod.js
$ clamscan jquery-1.2.6.pack.mod.js
> Win.Trojan.Agent-1430626 FOUND
Given the importance of today (closed-source) javascript in computing
tasks that makes sense. But I fear this wasn't not expected.
Out of curiosity, how/who/why does it comes from?
How many such false positive does the DB possibly contains already?
best regards
More information about the clamav-users
mailing list