Skip to main content

No, One of My Adverts Was Not Trying to Attack Your Computer This Morning

27216541_240f55d783_bI have long advocated using an ad blocker for security reasons. Malvertising, or ads which try to infect your computer, can happen from any site on any ad network, including Forbes, AOL’s ad network, .

Luckily, it has yet to happen on this blog.

Earlier today a reader warned me that one of the adverts on my site had been caught by their Eset antivirus while trying to infect their computer with a trojan called JS/ScrInject.B.

I have embedded the warning message at the end of this post, but fortunately for me it looks like this was a false positive. A search of Eset’s own forums reveals multiple reports that other sites, including subscription sites with no adverts, are also supposedly serving up this same trojan this morning.

While it’s possible that these reports are accurate, I can’t find any reports from other antivirus products or services, and that suggests that this was a problem with the detection software rather than the ads on the websites.

And that’s a relief, because frankly there was nothing I could have done about this problem other than to remove the ad. The source of the mistakenly reported trojan wasn’t on my servers but was merely delivered via the ad code sitting on my webpage, and so it was outside of my control.

It’s also largely out of my ad network’s control. The online advertising ecosystem is so fragmented that a malicious advert may pass through several intermediaries before showing up on a website.

It’s a screwy situation, yes.

JS/ScrInject.B trojan
connection terminated
Threat was detected upon access to web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (EC7C614426E5AE6C22DDA350ED3ADB2DAE2C7E9C).    66DA6F1E7148DC6CCC1ED1F171276F80D1D074D2

image by Marcelo Alves


Similar Articles


Stephen Toop March 1, 2016 um 2:02 am

"Borked ESET antivirus update says entire web is too risky to browse"

Nate Hoffelder March 1, 2016 um 5:19 am

Thanks! I thought that was happening, and it’s good to have confirmation.

Write a Comment