
Thread: from today Harmful site?

  1. #1
    evaluator (Musician member)
    Join Date: Sep 2001
    Posts: 1,518
    Blog Entries: 1

    from today Harmful site?

    This warning was absent on my previous visit (3 days ago). What to do?
    Attached Images

  2. #2
    Kayaker (Teach, Not Flame)
    Join Date: Oct 2000
    Posts: 4,147
    Blog Entries: 5
    Nice to see you around, eval, stick around.

    It's been that way for several months actually, don't you feel safer now knowing that Firefox/Chrome is protecting you?

    Some of that might be from the odd file or tool on this site that was AV flagged as bad, but those who have been here for a long time know those are all false positives, and that's been an issue for years.

    What I take exception to is the Firefox claim that

    Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

    I understand the caution, and Firefox does a fine job in protecting the innocent from potentially bad sites. But, flagging woodmann.com is a false positive from Google Safe Browsing

    https://developers.google.com/safe-browsing/v4/advisory


    We all know that there has never been any malicious intent from this site in over 20 years, since the days of Fravia; that was never the point or purpose of this community.

    However I do have a suspicion there might be an innocent thread we had discussing javascript that might have been a trigger. The whole point was to decipher what a malicious encrypted redirect js was doing, some code was posted of course and an instructive reversing discussion followed to learn how to reverse and understand this type of code, for example using window.alert() messages for debugging. All done with the best intent, but not a real threat.

    A six year old thread may have recently triggered Google Safe Browsing. I just deleted it and another one I found, they will no longer be flagged.

    Kayaker

  3. #3
    evaluator (Musician member)
    Join Date: Sep 2001
    Posts: 1,518
    Blog Entries: 1
    Hello, Kayaker!
    Some time ago I read about automated attempts to decrypt malware-containing zip files protected with the password "malware". Could this be the case here?

    Another question: why is HTTPS gone?

  4. #4
    Kayaker (Teach, Not Flame)
    Join Date: Oct 2000
    Posts: 4,147
    Blog Entries: 5
    Could be, we always zip protected malware samples with the password 'malware' or 'infected', a common practice elsewhere as well, perhaps even in the larger malware sharing sites. So I guess it's quite possible an AV might test a few common passwords.

    In this case though, even my Avast protection flagged that one particular thread as
    JS:Redirector-BWJ [Trj]

    I might test the thread to see what js code signature it's picking up on. Everything was written in the forum CODE tags, but it seems the AV script must be reading all text (well, byte comparisons) based on a database of signatures.

    Hmm, makes me wonder a bit about the whole mechanism of updating AV signatures: how they are accessed by the program, a database of some sort, somewhere in memory, APIs used?


    Oh, no https here ever.
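    Kayaker's observation above, that the AV compares raw page bytes against a signature database and so does not care whether a snippet sits inside forum CODE tags, as an added example (not code from the forum, from Avast or from any other vendor): a toy byte-signature scanner with constructed, hypothetical signature names, run over a constructed forum page and a constructed live page, plus a triage step that tells whether a hit lies in displayed text or inside an executable <script> element. The signature names, patterns and both pages are made up for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # detection name (constructed for this example)
    pattern: bytes  # raw byte pattern compared against the page, like a naive AV engine


# Constructed signature database. The names are hypothetical and not taken from any
# vendor's database; the patterns are common JavaScript idioms that a reversing
# discussion is likely to quote verbatim.
SIGNATURES = (
    Signature("Demo:JS-EvalUnescape", b"eval(unescape("),
    Signature("Demo:JS-WindowAlert", b"window.alert("),
)

# Script elements in a rendered page: text inside them is what the browser executes.
SCRIPT_RE = re.compile(rb"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def scan(page: bytes):
    """Byte-level signature scan of the whole page. Returns (signature name, offset) hits.
    Nothing here knows about forum markup, so a snippet shown inside [CODE] tags
    (rendered as <pre>) matches exactly like a snippet that would actually run."""
    hits = []
    for sig in SIGNATURES:
        start = 0
        while (idx := page.find(sig.pattern, start)) >= 0:
            hits.append((sig.name, idx))
            start = idx + 1
    return hits


def classify(page: bytes, offset: int) -> str:
    """'executable' if the offset lies inside a <script> element, else 'displayed'."""
    for m in SCRIPT_RE.finditer(page):
        if m.start() <= offset < m.end():
            return "executable"
    return "displayed"


def triage(page: bytes):
    """Scan, then annotate each hit with whether it is code the browser would run
    or text the page merely shows (the false-positive case for a reversing forum)."""
    return [(name, off, classify(page, off)) for name, off in scan(page)]


# Constructed forum page: a reversing thread quoting an obfuscated snippet in a
# <pre> block (how the forum renders [CODE]) and mentioning window.alert() in prose.
FORUM_PAGE = b"""<html><body>
<div class="post">Here is the obfuscated loader we are deciphering:</div>
<pre class="bbcode_code">var f = eval(unescape("%61%6c%65%72%74"));</pre>
<div class="post">Sprinkle window.alert() calls in it to trace what it does.</div>
</body></html>"""

# Constructed page where the same snippet sits in a <script> element, i.e. it executes.
LIVE_PAGE = b"""<html><body>
<script>var f = eval(unescape("%61%6c%65%72%74"));</script>
</body></html>"""


if __name__ == "__main__":
    for label, page in (("forum", FORUM_PAGE), ("live", LIVE_PAGE)):
        for name, off, kind in triage(page):
            print(f"{label}: {name} at byte {off} ({kind})")
```

    Run stand-alone, the forum page produces two hits, both classified as displayed text, while the live page produces one hit inside a script element. A pure byte matcher reports all three identically; the classification step is the kind of page context a scanner needs before it can separate a tutorial that quotes code from a page that runs it.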

  5. #5
    Quote Originally Posted by Kayaker View Post
    Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

    I understand the caution, and Firefox does a fine job in protecting the innocent from potentially bad sites. But, flagging woodmann.com is a false positive from Google Safe Browsing

    https://developers.google.com/safe-browsing/v4/advisory
    I saw that red window some time ago and it annoyed me. It seems to be coming from Google as well, is it not?

    Anyway, where do we go to protest this ridiculous slander?

    BTW...it was more than a month ago that I saw it. I don't get it using Firefox normally, only got it when I went through Google from another machine.

  6. #6
    evaluator (Musician member)
    Join Date: Sep 2001
    Posts: 1,518
    Blog Entries: 1
    Just now Firefox didn't want to give me the downloaded file
    www.aescrypt.com/download/v3/windows/AESCrypt_console_v310_win32.zip
    Well, retrieved it from cache :P
    Is this "safe browsing" just based on detection counts from VTotal??

    Kayaker, is HTTPS gone because of $ requirements?
    Last edited by evaluator; March 6th, 2020 at 04:55.

  7. #7
    Kayaker (Teach, Not Flame)
    Join Date: Oct 2000
    Posts: 4,147
    Blog Entries: 5
    Weird, there's a thread from 2 years ago on the google support forum from a site admin reporting the file was falsely flagged, and a link to where you can get the current Safe Browsing status of the file site.

    https://support.google.com/webmasters/forum/AAAA2Jdx3sUNpP-QggaYw0/?hl=tr

    https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.aescrypt.com%2Fdownload%2Fv3%2Fwindows%2FAESCrypt_console_v310_win32.zip

    Google Safe Browsing now reports it safe, but when I try to download it Firefox blocks it as being malicious. The download button at least allows you to bypass that and save it.

    When I check with my Avast free it doesn't detect any problem with the file.

    So why is Firefox still blocking the download? Is it NOT using Google Safe Browsing, while the image above states it is?


    Yeah, cost I guess. Could W ensure the "s" part of that?

  8. #8
    Quote Originally Posted by Kayaker View Post
    So why is Firefox still blocking the download?
    Because Mozilla are turning into a load of Net Nazis. I'm having trouble running Firefox on XP although my current version, 52, is supposed to run on XP. Many of my add-ons have been blocked by Mozilla 'for my own good', including any Adobe plugins below version 9. The Catch-22 is that FF52 apparently won't run versions newer than 9.

    Who asked them to look after my own good? It is not beyond belief for me to think they have likely crippled Firefox on XP for the good of all of us. Bless their Big Brother hearts.

    BTW...I tried to post on the Google safe browsing forum to defend RCE. My post was immediately deleted. The Net Nazis seem to have spread to Google.

    Anyway, Firefox on XP is behaving weirdly (don't worry, my XP OS is isolated to its own disk at any one time). I can get it to work by having Task Manager open. FF won't take input till I click on TM. So, on Google, I have to insert a cursor in the search box, type blindly, touch the mouse cursor on TM, at which time the text magically appears in the Google search box in FF. To scroll down the Google page I have to drag the scroll bar blindly, but it won't move till I touch the cursor on TM. When I click on a hyperlink I want, I have to go back to TM and touch it anywhere with the cursor, then FF goes to the page.

    This is not a focus issue, I checked it with a tool that checks focus. The focus is fine on both FF and TM.

  9. #9
    evaluator (Musician member)
    Join Date: Sep 2001
    Posts: 1,518
    Blog Entries: 1
    Quote Originally Posted by WaxfordSqueers View Post
    Many of my add-ons have been blocked by Mozilla 'for my own good
    I see in the Firefox folder a file 'blocklist.xml'. If you remove it, will add-ons be unblocked?
    As for go0safebro, I think the "Yellow" shirts should be asked instead of the red.

  10. #10
    Quote Originally Posted by evaluator View Post
    I see in firefox folder file 'blocklist.xml'. if you remove it, will addons unbloked?
    Brilliant. Yes, changing its name reactivates all my plugins. I need to be careful with the script because I know some plugins and extensions stop FF working correctly. I'll have to look closer at the script to see which ones to activate.

    Thanks, very helpful. I am currently trying to update the Adobe Acrobat plugin, version 5?????? It has not been updated since 10 September 2001!!!!! Don't know if Adobe supplies plugins for XP anymore.

    Ultimately, I want to get XP going on my new mobo with a 300 series chipset so I can debug apps that I cannot debug easily otherwise. For example, I have a DirectX 3D game going that has video problems. Another freezes at startup. I want to get into the code to see what is going on, and I can't do that in a VM because the video requirements are high.

    I am learning to use windbg but I am still not convinced that it can single-step through ring 0 code like softice can. I will keep trying but any time I try to 'step' into ring 0 with windbg I get thrown out the other end immediately. I suppose I could use BPs in ring 0 but sometimes I prefer single-stepping to see what the code is doing.

    I am thinking of starting a new thread since softice has frozen the system when I try to start it on this new chipset. We have reasoned it is the video driver. However, I was running in 800x600 mode the other day for a game and decided to try sice for the fun of it. It did not freeze the system this time but it gave an error about cpthook.sys not working. Have no idea what that's about yet. I also came across this interesting article in how to set up softice in the registry so it will catch a driver early in the loading sequence. You guys probably know about it already.

    https://community.microfocus.com/t5/DevPartner-Knowledge-Base/Using-softice-to-debug-early-loaded-drivers/ta-p/1753634

    Don't know why the hyperlink doesn't work. I used both the link button above and the bracket method with the URL inside and it does not produce a clickable link.
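    The blocklist.xml that evaluator points to in #9 and WaxfordSqueers renames in #10 is Firefox's add-on and plugin blocklist; renaming it away re-enables everything it names, blocked plugin versions included. As an added example (not code from the forum or from Mozilla), here is a reader for that file's shape, run over a constructed sample whose id, block IDs, filename pattern and version ranges are made up. The hard/soft severity threshold and the simplified dotted version comparison are assumptions flagged in the code; Mozilla's actual version format and severity handling have more rules than this.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.mozilla.org/2006/addons-blocklist}"  # namespace of the legacy blocklist.xml

# Assumption for this example: severity at or above this value is a hard block (the add-on
# cannot be re-enabled from the add-on manager), below it a soft block (user may re-enable).
HARD_BLOCK_THRESHOLD = 2
DEFAULT_SEVERITY = 3  # assumption: a versionRange without a severity attribute hard-blocks

# Constructed sample in the shape of a Firefox blocklist.xml; every id, blockID, pattern
# and version range here is made up for illustration.
SAMPLE_BLOCKLIST = r"""<?xml version="1.0"?>
<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1500000000000">
  <emItems>
    <emItem blockID="i0001" id="example-toolbar@example.invalid">
      <versionRange minVersion="0" maxVersion="*" severity="3"/>
    </emItem>
  </emItems>
  <pluginItems>
    <pluginItem blockID="p0001">
      <match name="filename" exp="^nppdf32\.dll$"/>
      <versionRange minVersion="0" maxVersion="8.9" severity="1"/>
    </pluginItem>
  </pluginItems>
</blocklist>
"""


def _ver(v: str):
    """Simplified version key: leading integer of each dotted part; '*' means unbounded.
    (Mozilla's toolkit version format has more rules; this simplification is an assumption.)"""
    if v == "*":
        return None
    key = []
    for part in v.split("."):
        m = re.match(r"\d+", part)
        key.append(int(m.group()) if m else 0)
    return key


def _cmp(a, b) -> int:
    """Compare two version keys, zero-padding so that 8.9 == 8.9.0."""
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return (a > b) - (a < b)


def _in_range(version: str, rng: dict) -> bool:
    lo, hi = _ver(rng.get("minVersion", "0")), _ver(rng.get("maxVersion", "*"))
    key = _ver(version)
    return (lo is None or _cmp(key, lo) >= 0) and (hi is None or _cmp(key, hi) <= 0)


def _state(rng: dict) -> str:
    sev = int(rng.get("severity", DEFAULT_SEVERITY))
    return "hard" if sev >= HARD_BLOCK_THRESHOLD else "soft"


def parse_blocklist(xml_text: str) -> dict:
    """Return {'addons': {id: [versionRange attrs]}, 'plugins': [(blockID, matches, ranges)]}.
    An item without any versionRange is taken to block every version."""
    root = ET.fromstring(xml_text)
    addons = {}
    for item in root.iter(NS + "emItem"):
        ranges = [vr.attrib for vr in item.findall(NS + "versionRange")] or [{}]
        addons[item.get("id")] = ranges
    plugins = []
    for item in root.iter(NS + "pluginItem"):
        matches = [(m.get("name"), m.get("exp")) for m in item.findall(NS + "match")]
        ranges = [vr.attrib for vr in item.findall(NS + "versionRange")] or [{}]
        plugins.append((item.get("blockID"), matches, ranges))
    return {"addons": addons, "plugins": plugins}


def addon_block_state(blocklist: dict, addon_id: str, version: str):
    """'hard', 'soft' or None for an add-on id at the given version."""
    for rng in blocklist["addons"].get(addon_id, []):
        if _in_range(version, rng):
            return _state(rng)
    return None


def plugin_block_state(blocklist: dict, props: dict, version: str):
    """Plugins are matched by regex on their properties (name, filename, description);
    every <match> of an item must hit before its version ranges are consulted."""
    for _block_id, matches, ranges in blocklist["plugins"]:
        if not matches or not all(re.search(exp, props.get(name, "")) for name, exp in matches):
            continue
        for rng in ranges:
            if _in_range(version, rng):
                return _state(rng)
    return None


if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_BLOCKLIST)
    print(addon_block_state(bl, "example-toolbar@example.invalid", "1.2"))   # hard
    print(plugin_block_state(bl, {"filename": "nppdf32.dll"}, "8.0.0"))     # soft
    print(plugin_block_state(bl, {"filename": "nppdf32.dll"}, "9.0"))       # None
```

    Walking the real file this way, before renaming it, shows exactly which extensions and plugin versions the browser had disabled and at which severity, so the decision to re-enable is made per item rather than for everything at once.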

  11. #11
    Kayaker (Teach, Not Flame)
    Join Date: Oct 2000
    Posts: 4,147
    Blog Entries: 5
    Quote Originally Posted by WaxfordSqueers View Post
    Don't know why the hyperlink doesn't work. I used both the link button above and the bracket method with the URL inside and it does not produce a clickable link.
    That's my doing from way back, a plugin script to prevent clickable outside links in the Off Topic forum; the other forum isn't affected. Don't worry, it's not some insidious FF enforcement.

  12. #12
    Quote Originally Posted by Kayaker View Post
    Don't worry, it's not some insidious FF enforcement
    That's a relief. I've had a bad week as it is.

  13. #13
    I wanted to fix the video problem for a long time.

    It wasn't necessarily games; it also appeared if I had a video running.

    So I tried 2 different graphic cards of the same type and even the same PCB manufacturer.

    What I could see is different is the video load screen (one was an ASUS 7800 GT, the other an MSI 7800).
    Those got the same identical PCB; it looks like only the firmware/BIOS is different.

    So I ran a video to cause the problem to happen; for the ASUS 7800 GT, directly BSOD.
    So then I switched the cards and tried out the MSI 7800 GT and did the same thing again (same driver version and same drivers),
    and nothing, no BSOD, everything works.

    I also tried some different driver versions, and yes, that affected the BSOD problem; for example the BSOD appeared on a different driver version,
    and the MSI 7800 GT also got the BSOD problem.


    The dumpfile says it happens in ntice.sys, but it could be anywhere, maybe even a wrong address that came from a different part.

    So what I did next is I tried to set up a VM and debug SoftICE over a VM debugger,
    but when I was about to do that I saw another problem:

    the problem does not appear in VMware, not at all, not with any card, not with any version of drivers.

    So what I would need is to debug SoftICE while the problem appears; then I can very likely find out what causes this problem.

    Going the road of the dumpfile, a non-runtime debugger and no source code led to nothing;
    the function is very big and chained, so that road didn't work.

    Another thing is that this problem seems to appear when SoftICE wants to appear, or maybe draw itself.

    As I might have said in the past, if someone can make a VM where this problem happens and I take a look at the SoftICE process, I can very certainly see the problem.

  14. #14
    Kayaker (Teach, Not Flame)
    Join Date: Oct 2000
    Posts: 4,147
    Blog Entries: 5
    Hi Guys, I split this thread for Softice discussions, please continue replies there, thanks

    http://www.woodmann.com/forum/showthread.php?15787-Softice-Discussions
