zonealarm set reboot.pro in suspicious site list


10 replies to this topic

#1 billonious

billonious

    Silver Member

  • .script developer
  • 528 posts
  • Location:greezeland
  • Interests:curiosity

Posted 17 December 2010 - 03:48 PM

Some hours ago, I saw the Checkpoint (ZoneAlarm) security tab pop up.


Posted Image

#2 Nuno Brito

Nuno Brito

    Platinum Member

  • .script developer
  • 10549 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 17 December 2010 - 04:13 PM

There's never a boring moment around here.. ;)

#3 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 17 December 2010 - 04:44 PM

Maybe ZoneAlarm does not like the current appearance (just as I dislike it).

Peter ;)

#4 Nuno Brito

Posted 17 December 2010 - 04:49 PM

They probably need a reboot on their servers.

#5 billonious

Posted 17 December 2010 - 05:28 PM

An evil finger could have submitted reboot.pro as a malicious site. Somebody bad ;-)

#6 Nuno Brito

Posted 17 December 2010 - 05:56 PM

Well.. no need to create a conspiracy theory to explain everything in life.. ;)

It is reasonable that they consider as suspicious a site that gets thousands of visitors and several links across the Internet overnight.

In fact, spammers force this type of behavior on a daily basis with automated posting tools and the sort. Might take years to build up a reputation and trust on a domain.

We're the false positive website.. :cheers:

#7 billonious

Posted 18 December 2010 - 09:19 AM

Nuno, I said it (conspiracy) just for fun, as in this piece of land, conspiracy theories are gradually becoming trendy just to exposit the situation. The usual attitude that everybody else should be blamed except us. As I told an Austrian friend who lives here, this land would be better without its native landers (and I don't speak about bootlanders, ok)

#8 Nuno Brito

Posted 18 December 2010 - 10:03 AM

Yes, very good advice.

Will try to follow it myself; when things go wrong I like to think that the (Italian) illuminati were somehow involved. :clap:

In terms of false positives on ZoneAlarm, I had already seen a similar message on McAfee's Site Advisor. They marked our site as a source of evil files compressed with upx.exe and the sort.

Ironically, google.com is highly reputed on their Site Advisor ranking even though there exist countless reports of malicious pages and files hosted on their servers that sometimes take forever to be removed out of sight.

:cheers:

#9 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 18 December 2010 - 10:14 AM

Some hours ago, I saw the Checkpoint (ZoneAlarm) security tab pop up.


Posted Image


No conspiracy - at least for now, seems stupid but:

Sites not older than three months get this warning. Usually one characteristic of malicious sites is that they are recently created. You should be able to click on the ForceField hyperlink within the box to ignore the warning.

http://forums.zonealarm.com/showthread.php?p=265612#post265612

Posted Image

Posted Image

#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15108 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 December 2010 - 11:41 AM

No conspiracy - at least for now, seems stupid but:

Rest ASSURED it IS stoopid.
It's the support the good guys at Zone Alarm give to the new initiatives on the net. :cheers:

Not that McAfee helps much, wouldn't it be actually documented:
https://community.mc...tart=0&tstart=0
I would have difficulties in believing the utter lack of ANY form of intelligence (in the sense of actually working brains) at McAfee:
http://www.msfn.org/.../page__st__1150
this looks a lot more like a joke or a candid camera than actual support from a (supposedly) reputable AV vendor:
https://community.mc...tart=0&tstart=0
(please note how not only has the file in question been used by tens of thousands of people and been around for a few years, it also comes with source code)


JFYI I use the same 3' 5" stick I use to NOT touch Symantec products to NOT touch ANY McAfee thingy. :clap:

;)
Wonko

#11 Nuno Brito

Posted 18 December 2010 - 12:29 PM

I liked this part from your link:

Today only I have joined this community, I have checked with your file which you have attached. I found that it is not a valid PE file and I think it is a 16 bit file. I have checked with the code and I think because of ShellExecuteEx() api in the code is the reason for detecting it as a malicious by many av vendors. I think the researcher might skipped your file because it is not a valid executable file.


So, compiling a 16 bit binary and calling shellexecute from within is a sure way to get yourself listed. Guess we're really doomed around here to be blacklisted in eternum.. :clap:



