ESET NOD32 Antivirus detecting compromised websites

[$Iain$]

The ESET noticed that numerous websites are still compromised. I heard that those websites are running same kind of malware which was create and injected by hackers. These malwares do not need any FTP credentials in order to infect with the malware inside the legitimate websites. This malware is enough to exploit server side application. I would ask admins of compromised website to report about the security incidents. ESET might be working on some undetected PHP malware to improve detection level and security and they are eager to receive samples.

[Kakashi Hatake]

Yes, I would think that the web master or admins should come up in public and post their security incidents in a public forum or official antivirus forums so that the security analyst can improve the detection level and find an easy patch. This will help the developer to make the browser as block scripting and allow only Trusted sites. Even if the trusted site is compromised, then Av products can take counter measure to avoid the exploit.

[Ebadaah28]

NOD32 is almost too aggressive and offers very effective detection. The software does not fail on the web, effectively blocking JavaScript attacks. However, NOD32 is quite CPU intensive during analysis. If the memory consumption of the virus is quite high and it impact on Windows startup, the ESET will automatically kill the infected process to free up memory Overall, NOD32 is still a good compromise between lightness and efficiency.