Thread: from today Harmful site?

  1. #1
    evaluator (Musician member)

    from today Harmful site?

    This warning was absent on my previous visit (-3 days). What to do?
    [Attached image]

  2. #2
    Kayaker (Teach, Not Flame)

    Nice to see you around eval, stick around

    It's been that way for several months actually, don't you feel safer now knowing that Firefox/Chrome is protecting you?

    Some of that might be from the odd file or tool on this site that was AV flagged as bad, but those who have been here for a long time know those are all false positives, and that's been an issue for years.

    What I take exception to is the Firefox claim that

    Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

    I understand the caution, and Firefox does a fine job in protecting the innocent from potentially bad sites. But, flagging woodmann.com is a false positive from Google Safe Browsing

    https://developers.google.com/safe-browsing/v4/advisory


    We all know that there has never been any malicious intent from this site for over 20 years, since the days of Fravia, that was never the point or purpose of this community.

    However, I do have a suspicion there might be an innocent thread we had discussing JavaScript that might have been a trigger. The whole point was to decipher what a malicious encrypted redirect JS was doing; some code was posted, of course, and an instructive reversing discussion followed to learn how to reverse and understand this type of code, for example using window.alert() messages for debugging. All done with the best intent, but not a real threat.

    A six-year-old thread may have recently triggered Google Safe Browsing. I just deleted it and another one I found; they will no longer be flagged.

    Kayaker

  3. #3
    evaluator (Musician member)

    Hello, Kayaker!
    Some time ago I read about automated attempts to decrypt "malware"-passworded zip files containing malware. Can this be the case?

    Another question is: why is "HTTPS" gone?

  4. #4
    Kayaker (Teach, Not Flame)

    Could be, we always zip protected malware samples with the password 'malware' or 'infected', a common practice elsewhere as well, perhaps even in the larger malware sharing sites. So I guess it's quite possible an AV might test a few common passwords.

    In this case though, even my Avast protection flagged that one particular thread as
    JS:Redirector-BWJ [Trj]

    I might test the thread to see what js code signature it's picking up on. Everything was written in the forum CODE tags, but it seems the AV script must be reading all text (well, byte comparisons) based on a database of signatures.

    Hmm, makes me wonder a bit about the whole mechanism of updating AV signatures, how they are accessed by the program, a database of some sort, somewhere in memory, APIs used?


    Oh, no https here ever.
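
Added example, not part of the original thread: a minimal sketch of the behaviour speculated about in post #4, where a scanner doing byte comparisons over the whole page flags code that is only quoted inside CODE tags. The signature name, the pattern and both sample pages are constructed for illustration; they are not a real AV signature or the content of the deleted thread.

```python
import re
from html.parser import HTMLParser

# Constructed signature database (name -> byte pattern); made up for this
# example, not taken from any real AV product.
SIGNATURES = {
    "Example.JS.Redirector": re.compile(rb"window\.location\s*=\s*unescape\("),
}

def naive_scan(page: bytes) -> list[str]:
    """Byte comparison over the raw response, blind to HTML structure."""
    return [name for name, pat in SIGNATURES.items() if pat.search(page)]

class ScriptBodies(HTMLParser):
    """Collects only the bodies of real <script> elements, i.e. the text
    a browser would execute. Inline event handlers are out of scope here."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.bodies = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.bodies.append(data)

def context_aware_scan(page: bytes) -> list[str]:
    """Apply the same signatures, but only to executable script text."""
    parser = ScriptBodies()
    parser.feed(page.decode("utf-8", "replace"))
    parser.close()
    executable = "\n".join(parser.bodies).encode()
    return [name for name, pat in SIGNATURES.items() if pat.search(executable)]

# Constructed sample 1: the code is live, inside a real <script> element.
LIVE_PAGE = (b"<html><body><script>window.location = "
             b"unescape('%2F%2Fexample.invalid');</script></body></html>")
# Constructed sample 2: the same code quoted in a forum post, HTML-escaped
# inside a code block, so the browser renders it as inert text.
FORUM_PAGE = (b"<html><body><pre class=\"code\">&lt;script&gt;window.location = "
              b"unescape('%2F%2Fexample.invalid');&lt;/script&gt;</pre></body></html>")
```

The naive scan reports both pages, while the context-aware scan reports only the page where the code would actually run, which is the difference between a true hit and the kind of false positive discussed in this thread.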

  5. #5
    Quote, originally posted by Kayaker:
    Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

    I understand the caution, and Firefox does a fine job in protecting the innocent from potentially bad sites. But, flagging woodmann.com is a false positive from Google Safe Browsing

    https://developers.google.com/safe-browsing/v4/advisory

    I saw that red window some time ago and it annoyed me. It seems to be coming from Google as well, is it not?

    Anyway, where do we go to protest this ridiculous slander?

    BTW...it was more than a month ago that I saw it. I don't get it using Firefox normally, only got it when I went through Google from another machine.

  6. #6
    evaluator (Musician member)

    Just now Firefox didn't want to give me the downloaded file
    www.aescrypt.com/download/v3/windows/AESCrypt_console_v310_win32.zip
    Well, retrieved it from cache :P
    Is this "safe browsing" just based on detection counts from VTotal??

    Kayaker, is HTTPS gone because of $ reqs?
    Last edited by evaluator; March 6th, 2020 at 04:55.

  7. #7
    Kayaker (Teach, Not Flame)

    Weird, there's a thread from 2 years ago on the Google support forum from a site admin reporting the file was falsely flagged, and a link to where you can get the current Safe Browsing status of the file site.

    https://support.google.com/webmasters/forum/AAAA2Jdx3sUNpP-QggaYw0/?hl=tr

    https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.aescrypt.com%2Fdownload%2Fv3%2Fwindows%2FAESCrypt_console_v310_win32.zip

    Google Safe Browsing now reports it safe, but when I try to download it Firefox blocks it as being malicious. The download button at least allows you to bypass that and save it.

    When I check with my Avast free it doesn't detect any problem with the file.

    So why is Firefox still blocking the download? Is it NOT using Google Safe Browsing, while the image above states it is?


    Yeah, cost I guess. Could W ensure the "s" part of that?

  8. #8
    Quote, originally posted by Kayaker:
    So why is Firefox still blocking the download?

    Because Mozilla are turning into a load of Net Nazis. I'm having trouble running Firefox on XP although my current version, 52, is supposed to run on XP. Many of my add-ons have been blocked by Mozilla 'for my own good', including any Adobe plugins below version 9. The Catch-22 is that FF52 apparently won't run versions newer than 9.

    Who asked them to look after my own good? It is not beyond belief for me to think they have likely crippled Firefox on XP for the good of all of us. Bless their Big Brother hearts.

    BTW...I tried to post on the Google safe browsing forum to defend RCE. My post was immediately deleted. The Net Nazis seem to have spread to Google.

    Anyway, Firefox on XP is behaving weirdly (don't worry, my XP OS is isolated to its own disk at any one time). I can get it to work by having Task Manager open. FF won't take input till I click on TM. So, on Google, I have to insert a cursor in the search box, type blindly, touch the mouse cursor on TM, at which time the text magically appears in the Google search box in FF. To scroll down the Google page I have to drag the scroll bar blindly, but it won't move till I touch the cursor on TM. When I click on a hyperlink I want, I have to go back to TM and touch it anywhere with the cursor then FF goes to the page.

    This is not a focus issue, I checked it with a tool that checks focus. The focus is fine on both FF and TM.
