Afrihost - Possible 'Man in the Middle' attacks?

narf23 · Feb 29, 2016

I received a call from one of my customer’s letting me know their ESET EndPoint AntiVirus is blocking JS/ScrInject.B Trojan Threats to quite a few websites.

Tested on my side and same thing.

We both running on Afrihost ADSL and changed to Telkom LTE - tested and sites working perfectly and not being blocked.

My question - is it possible for an ISP to be attacked with 'Man in the Middle' attacks?
ESET Support said it is a false positive and run a virus database update this should resolve the issue.
But before I managed run an update, changed back to Afrihost and websites working.

topdog · Feb 29, 2016

narf23 said:
I received a call from one of my customer’s letting me know their ESET EndPoint AntiVirus is blocking JS/ScrInject.B Trojan Threats to quite a few websites.

Tested on my side and same thing.

We both running on Afrihost ADSL and changed to Telkom LTE - tested and sites working perfectly and not being blocked.

My question - is it possible for an ISP to be attacked with 'Man in the Middle' attacks?
ESET Support said it is a false positive and run a virus database update this should resolve the issue.
But before I managed run an update, changed back to Afrihost and websites working.

View attachment 346081

Short answer is YES, most ISP's run transparent cache's using WCCP. If that is compromised the attacker can inject malicious code into the responses.

PsyWulf · Feb 29, 2016

narf23 said:
I received a call from one of my customer’s letting me know their ESET EndPoint AntiVirus is blocking JS/ScrInject.B Trojan Threats to quite a few websites.

Tested on my side and same thing.

We both running on Afrihost ADSL and changed to Telkom LTE - tested and sites working perfectly and not being blocked.

My question - is it possible for an ISP to be attacked with 'Man in the Middle' attacks?
ESET Support said it is a false positive and run a virus database update this should resolve the issue.
But before I managed run an update, changed back to Afrihost and websites working.

View attachment 346081

Dude,this is nothing so malicious. Google
Bad ESET update,revert to 6 hours ago or update to absolute latest

https://www.reddit.com/r/sysadmin/comments/489jep/eset_flagging_sites_as_threats/

deweyzeph · Feb 29, 2016

Get a decent antivirus. ESET is crap.

karnuffel · Feb 29, 2016

deweyzeph said:
Get a decent antivirus. ESET is crap.

I cannot disagree more.

karnuffel · Feb 29, 2016

Similar issues and solution found here
http://mybroadband.co.za/vb/showthread.php/802911-News-24-trojan

deweyzeph · Feb 29, 2016

jouda said:
I cannot disagree more.

We'll just have to agree to disagree.

Creag · Feb 29, 2016

deweyzeph said:
Get a decent antivirus. ESET is crap.

jouda said:
I cannot disagree more.

deweyzeph said:
We'll just have to agree to disagree.

You blokes are such a nice, amicable lot

karnuffel · Feb 29, 2016

McT said:
You blokes are such a nice, amicable lot

well we can agree on that too

PostManPat · Feb 29, 2016

McT said:
You blokes are such a nice, amicable lot

Agreed

Join the MyBroadband community

Get started

Afrihost - Possible 'Man in the Middle' attacks?

narf23

Well-Known Member

topdog

Active Member

PsyWulf

Honorary Master

deweyzeph

Honorary Master

karnuffel

Executive Member

karnuffel

Executive Member

deweyzeph

Honorary Master

Creag

The Boar's Rock

karnuffel

Executive Member

PostManPat

Well-Known Member