Author Topic: False positives and exploits which are undetected  (Read 178370 times)

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #60 on: July 19, 2013, 09:59:19 AM »
http://app.webinspector.com/public/reports/15883573
Only blocked by Google Safeweb.  :P
This time the malware is activated.  >:-D
Always Thank You~ :-*

PS.: Comodo's Proactive Protection is best :-TU beautiful :-TU

[attachment deleted by admin]
« Last Edit: July 19, 2013, 10:05:38 AM by Gaige »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #61 on: July 20, 2013, 09:19:44 AM »
http://app.webinspector.com/public/reports/15906419

Only detected by Google Safeweb.  :P
Now, Malware is activated.  ;D


[attachment deleted by admin]

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #62 on: August 03, 2013, 08:15:16 AM »
Hi~
Only detected by google safeweb.
This time, malware is activated.
Thank you~ :-*

http://app.webinspector.com/public/reports/16188599
http://app.webinspector.com/public/reports/16188621


[attachment deleted by admin]

Offline Slav

  • Comodo Member
  • **
  • Posts: 29
Re: False positives and exploits which are undetected
« Reply #63 on: August 05, 2013, 05:56:18 AM »
Thanks for your feedback, Gaige!
Could you please send the environment of your PC? I'm interested in the Java version, Flash version, etc. I'll try to get infected with your version of the software. To protect your privacy, you can PM me.
« Last Edit: August 08, 2013, 04:44:40 AM by Slav »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #64 on: August 24, 2013, 09:18:27 AM »
http://app.webinspector.com/public/reports/16571074

Siteinspector didn't find it.
I think the mal download server is blocked by Gov-secure-center.

Thank you.
ps. The samples are submitted.  :a0
ps2. Doesn't Siteinspector have 'Behavior Detection System'?  ;D


[attachment deleted by admin]
« Last Edit: August 25, 2013, 04:28:39 AM by Gaige »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #65 on: August 25, 2013, 04:23:07 AM »
http://app.webinspector.com/public/reports/16588913

Only detected by Google safeweb.
This time, the exploits & drive-by download are activated.  >:-D

ps. Mal urls are always changed.  :P


[attachment deleted by admin]
« Last Edit: August 25, 2013, 04:28:12 AM by Gaige »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #66 on: August 25, 2013, 12:41:27 PM »
Hello~

http://app.webinspector.com/public/reports/16598006

This time, malware is activated.  88)
Always Thank you~  ;D

ps. The malware has been removed by Comodo cloud scanning(Behavior Blocker).  :-TU :-TU :-TU :-TU :-TU :-TU
But Site-inspector didn't detect it.  ???

[attachment deleted by admin]
« Last Edit: August 25, 2013, 12:51:01 PM by Gaige »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #67 on: August 25, 2013, 01:16:26 PM »
http://app.webinspector.com/public/reports/16598747

gesomoon.com = Normal Safe Website.
gesomoon.co.kr = Fake Phishing Website => Malware is Activated.

Only detected by Google Safeweb.

[attachment deleted by admin]

Offline spywar

  • Malware Research Group
  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 9560
Re: False positives and exploits which are undetected
« Reply #68 on: August 25, 2013, 01:18:07 PM »
Many thanks, Gaige, for all that feedback  :-TU
« Last Edit: August 26, 2013, 01:26:15 PM by spywar »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #69 on: August 28, 2013, 01:45:59 PM »
Hello~ ;D

http://app.webinspector.com/public/reports/16673478

- This time, Drive-by-Downloads is activated.
- Site_inspector didn't detect it.
  
Thank you~ ;D

Full link:
hxxp://dvdprime.donga.com/bbs/view.asp?major=MD&minor=D1&master_id=23&bbsfword_id=&master_sel=&fword_sel=&SortMethod=&SearchCondition=&SearchConditionTxt=&bbslist_id=2358082&page=1

[attachment deleted by admin]
« Last Edit: August 28, 2013, 01:57:42 PM by Gaige »

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #70 on: August 31, 2013, 08:18:13 AM »
Hi.  ;D

Siteinspector Result:
http://app.webinspector.com/public/reports/16743478

Full link:
hxxp://dvdprime.donga.com/bbs/view.asp?major=MD&minor=D1&master_id=23&bbsfword_id=&master_sel=&fword_sel=&SortMethod=&SearchCondition=&SearchConditionTxt=&bbslist_id=2360879&page=1

This time, Malware is activated.
Thank you~ ;D

ps. The exploit removes my iE-temp-folders.  :P :P :P :P :P :P :P

[attachment deleted by admin]

Offline Gaige

  • Comodo Loves me
  • ****
  • Posts: 160
Re: False positives and exploits which are undetected
« Reply #71 on: September 10, 2013, 10:24:54 AM »
Hi  ;D
http://app.webinspector.com/public/reports/16993969
(current time)

Siteinspector never detects these.  ;D
And the exploits & malware don't work in virtual machines. :o
Afterwards, the malware deletes itself.
So 'Behavior Blocker' can't (auto-)submit these malware samples. ;D
'Comodo Behavior Blocker' needs to improve so that it grabs/catches the malware more strongly (for auto-submitting samples). >:-D

ps. My English is bad. Sorry. :'(

[attachment deleted by admin]
« Last Edit: September 10, 2013, 10:29:13 AM by Gaige »

Offline Slav

  • Comodo Member
  • **
  • Posts: 29
Re: False positives and exploits which are undetected
« Reply #72 on: September 10, 2013, 10:57:45 AM »
Thanks again for your feedback, Gaige! Your English level is enough to understand you.  :-TU Yes, we know that some malware uses different tricks to catch and escape a virtual environment. I guess this is one of those.  :'(  And yes, it would be great to auto-upload malware samples and the links they come from. CIS is a different product, so I can't make promises here. We'll check this link with our internal tools. Stay tuned...

Offline AngryW3bmaster

  • Newbie
  • *
  • Posts: 1
Re: False positives and exploits which are undetected
« Reply #73 on: October 12, 2013, 02:32:36 AM »
We would be grateful for any information about false positives and exploits which are undetected by the SiteInspector detection engine.

Thank you for all your feedback, which helps us to improve the detection technology.

Dear Sirs,

I have repeatedly sent e-mail enquiries regarding false positives in your Site Inspector to your sales[at]comodo.com e-mail address.

But so far I have not received any response from you.

My website has for a long period of time been listed on the Virustotal.com site inspection list as "malware".

Now, since I am the website owner and also the owner of the software that is being sold via that website, I know that there is absolutely nothing malicious about either the website or the software that is available from the website.

I have hundreds of satisfied customers each year and I have the documentation to prove it as well (my sales numbers on Paypal alone would make it evident that people have no problems with my trial software and so purchase the full version).

I again urge you to re-review my website and fix this false positive since your disclosure of this information may hurt my business.

Below you can see a copy of the Virustotal scan list, and as you can see Comodo is the only scanner which rates my site as malicious:


URL Scanner    Result
ADMINUSLabs    Clean site
AlienVault    Clean site
Antiy-AVL    Clean site
Avira    Clean site
BitDefender    Clean site
C-SIRT    Clean site
CLEAN MX    Clean site
Comodo Site Inspector    Malware site
CyberCrime    Unrated site
Dr.Web    Clean site
ESET    Clean site
Fortinet    Unrated site
Google Safebrowsing    Clean site
K7AntiVirus    Clean site
Kaspersky    Clean site
Malc0de Database    Clean site
Malekal    Clean site
MalwareDomainList    Clean site
MalwarePatrol    Clean site
Minotaur    Clean site
Netcraft    Unrated site
Opera    Clean site
ParetoLogic    Clean site
Phishtank    Clean site
Quttera    Clean site
SCUMWARE.org    Clean site
SecureBrain    Unrated site
Sophos    Unrated site
SpyEyeTracker    Clean site
Sucuri SiteCheck    Clean site
URLQuery    Unrated site
VX Vault    Clean site
Websense ThreatSeeker    Clean site
Wepawet    Unrated site
Yandex Safebrowsing    Clean site
ZDB Zeus    Clean site
ZeusTracker    Clean site
zvelo    Clean site

Please tell me what information or actions are required to fix this issue.

Thank you.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26198
Re: False positives and exploits which are undetected
« Reply #74 on: October 13, 2013, 03:57:29 PM »
Could you post the URL to the CSI report of your website here? To get the report, start at http://app.webinspector.com/, fill in your site and wait for the report. Then publish the link.

 
