Answer the question
In order to leave comments, you need to log in
C
C
ChesterLife2018-06-05 13:58:11
ChesterLife, 2018-06-05 13:58:11
Where is the Trojan code in the HTML file?
There was an attempt to attack by replacing the payment order data from 1C to the client bank. The only thing that was found was "HEUR:Trojan.Script.Generic", which was seen by Kaspersky and Eset in HTML files from glavbukh.ru. Very similar to the truth.
The originals of both HTML are available at the links:
https://www.dropbox.com/s/iey0wqp73gkadu8/158401-perenos-vycheta-po-nds-s-2014-na-2016-god%5B1%5D.htm?dl=0
https://www.dropbox.com/s/bfe41dw2zv8rhqc/197499-qqqm1y17-ip-i-fizicheskoe-litso-imushchestvo%5B1%5D.htm?dl=0Any idea where exactly the "dog is buried" here?
1 answer(s)
@gohdan
A
Alexey Pyanov, 2018-06-14 @gohdan
I looked at the files briefly - there is nothing clearly Trojan. Kaspersky and ESET don't find any Trojans either - https://www.virustotal.com/#/file/0cd07ede7698b84f... , https://www.virustotal.com/#/file/4c390f961903e809... . It only finds ZoneAlarm, but it finds it alone and doesn't say they have any particularly good antivirus. This is most likely a false positive.
I think the accountant himself carried out the data spoofing attack in the payment order, and now he’s just blaming everything on viruses.
Similar questions
S
R
F
P
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question