Jump to content











Photo
- - - - -

911CD question


  • Please log in to reply
6 replies to this topic

#1 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 08 September 2015 - 11:04 AM

As the title already says, this is not a reboot.pro feedback.

 

But I have a question I cannot ask in the targetted site itself.

 

When I enter 911cd, I get a message that this site contains unwanted software.

 

A real warning by an unknown cloud-god?

 

Or a false positive by my system?

 

My system:

 

XP-x86-SP3

Windows Firewall

Avast personal antivir

Firefox 40.0.2 with plugins

  • Avast Online security
  • Browser security
  • Privacy Badger
  • uBlock Original
  • WOT

Thanks for responding!

 

Peter



#2 v77

v77

    Silver Member

  • Team Reboot
  • 602 posts
  •  
    France

Posted 08 September 2015 - 11:45 AM

0 / 63 on VirusTotal. But Avast is not in the list of the scanners. Maybe not reliable enough for this kind of work?



#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 08 September 2015 - 03:32 PM

Google has a (obviously "free") service that more or less works this way:

  1. it accesses a site (to index it)
  2. scan it's contents
  3. if it find anything that even remotely seems malicious blacklists it
  4. both Chrome and Firefox use this list to warn user (actually scare the heck out of them) (Opera and other browsers are "immune" from this)

then if you go to the "details" (you can find the link on the RED WARNING page):

http://safebrowsing....=chromium&hl=en

 

 

Safe Browsing Diagnostic page for www.911cd.net/forums

What is the current listing status for www.911cd.net/forums?

What happened when Google visited this site?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

Of the 32 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-09-07, and the last time suspicious content was found on this site was on 2015-08-27.

Malicious software includes 8 exploit(s).

This site was hosted on 2 network(s) including AS46785 (QUASAR-DATA-CENTER), AS15169 (GOOGLE).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, www.911cd.net/forums did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including .

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

 

Next steps:

the issue is of course that it doesn't tell you (nor I am said through the Webmaster tools :unsure:) WHICH actual page contains(ed) the malware (if any) nor which file/attachment/script or whatever has actually tagged as malware. (please note how the issue could well be connected to some ads provided by a third party and nowhere to be found again at inspection time)

The webmaster/admin needs to check *everything* (and since tools like VirusTotal do not find anything and without a good hint at where the problem is it isn't easy at all) then re-submit the site to google as "clean" and hope that it gets "rated clean" by the stupid google at next scan.

 

From the little experience I have on this the "service" (while of course tags some sites correctly) has a relatively high number of false positives (which may even be a good thing by itself if there was an easy way to check and correct the problem if any) but it completely fails to tag a number of actually malware affected sites. :(

 

The moral is of course: use Opera and get a life.

 

:duff:

Wonko



#4 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 08 September 2015 - 03:43 PM

Thanks, Wonko!

 

I went to Google and switwched this "feature" off. >> works!

 

On the other hand I would be interested "Who" marked "What" as phishing suspect content.

Any way to find out"?

 

Peter



#5 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 08 September 2015 - 04:10 PM

On the other hand I would be interested "Who" marked "What" as phishing suspect content.

Any way to find out"?

I don't think there is a "who" at all, it's some automagic scanning engine, the "what" and "where" (exactly) as said is not available :(.

And more generally the issue with "dynamic" pages (ads that are provide by third parties) there is no way that one can even reproduce/find the issue only a few minutes later, on 911cd.net the ads are (I believe) exclusive to the good guys @idera (which are the owners of the domain) so I would tend to exclude that in this case it is ad related.

But (just as an example) it can happen that a spammer posts a malicious link and if the scan by google happens before an Admin or Mod removes the link or hides or deletes the offending post the whole site is tagged as "malware" because of a single page (that actually is not reachable anymore because of the subsequent Admin/Mod intervention) :frusty: 

 

:duff:

Wonko



#6 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 09 September 2015 - 07:58 AM

Interesting conversation.

 

From a software perspective, we have just as much (if not more) stuff that would be labelled as malicious. Plus, we do mass emails, have security related discussions and tools to break stuff. From that perspective, we are much more of a target than 911CD but nothing happened.

 

I wonder if this really has to do with the fact that we have ads run by google while 911CD does not. In Europe, Google is under fire for listing higher the sites from where it can make more profit. Wouldn't be surprised if later we discover that they're marking these "rebel" sites as malicious just to scare away visitors.



#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 09 September 2015 - 12:48 PM

Nahh, I don't think so, the issue (as with anything automagically generated by machines) is that there is a (low usually) probability of a mistake.

 

And then we go into the same generic issue with assistance (with *any*) product.

 

If you have a very low failure rate, then the cost of effective, working, human powered assistance will (should be) trifling, but surely if you do not provide *any* human powered assistance you will save quite a few bucks.

 

This is what google - generally speaking - do, they provide any number of "free" (computerized) services and then provide NO assistance whatsoever for them.

 

In the case of a "service" like this it is more or less like a trial where you have no defense and you are directly sentenced (by this superior entity).

 

The real serious issue (as I see it) is that the good Mozilla guys actually use it, I had greater expectations from them but since several years each and every release of the stupid Firefox browser becomes worse and more "aligned" (in a bad sense) to the "establishment" or majority.

 

BTW the 911cd site is "normally" listed as result of a Google search the warning only appears once you click on the link (provided in this case by Google themselves) and actually try to access the site.

 

 

:duff:

Wonko






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users