False positive malware warning on CBS News site

Hang out, sip some ice tea, and shoot the breeze with TR regulars.

Moderators: emkubed, Captain Ned

False positive malware warning on CBS News site

Postposted on Mon Feb 04, 2013 4:22 pm

Just got this:
Image
Apparently Netseer's corporate web site got hacked. But they also use the same domain to serve out banner ads, so any site that is part of their ad network also triggers the malware warning. (Chome/Chromium apparently use a domain blacklist.)

More info: http://www.thestreet.com/story/11831193 ... tseer.html

Amusingly enough, there's a link in that The Street article to another related article on ZDNet; but the ZDNet article (as of right now) is triggering the very malware warning the article is about!
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 36900
Joined: Tue Aug 20, 2002 9:51 pm
Location: Somewhere, having a beer

Re: False positive malware warning on CBS News site

Postposted on Mon Feb 04, 2013 5:36 pm

:(

just when I felt that false positives were behind us. forget gun control, where is the virus control act!!! :)
shaq_mobile
Gerbil Elite
 
Posts: 550
Joined: Wed Jul 16, 2008 1:33 pm

Re: False positive malware warning on CBS News site

Postposted on Tue Feb 05, 2013 9:53 am

just brew it! wrote:Just got this:
Apparently Netseer's corporate web site got hacked. But they also use the same domain to serve out banner ads, so any site that is part of their ad network also triggers the malware warning. (Chome/Chromium apparently use a domain blacklist.)


But if they got hacked is it a false positive?

I personally am annoyed by the number of exploits that my AV/IS blocks. Pretty much every single one is linked to a banner ad.
Arvald
Gerbil Team Leader
Silver subscriber
 
 
Posts: 290
Joined: Tue Sep 27, 2011 11:14 am
Location: Gerbil-land, Canada

Re: False positive malware warning on CBS News site

Postposted on Tue Feb 05, 2013 10:13 am

Arvald wrote:
just brew it! wrote:Just got this:
Apparently Netseer's corporate web site got hacked. But they also use the same domain to serve out banner ads, so any site that is part of their ad network also triggers the malware warning. (Chome/Chromium apparently use a domain blacklist.)

But if they got hacked is it a false positive?

I personally am annoyed by the number of exploits that my AV/IS blocks. Pretty much every single one is linked to a banner ad.

The explanation I'm seeing is that the ad network's public web site got hacked, so as long as you don't navigate directly to their site you should be fine. The banner ads they serve are coming out of the same domain, but their ad servers are (allegedly) not affected by the hack. The browser is triggering the warning based on the domain name, without regard for whether the file(s) being served are really infected or not.

At least that's what they're saying publicly. Depending on your level of paranoia you can ignore (or not ignore) your browser's warning as you see fit.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 36900
Joined: Tue Aug 20, 2002 9:51 pm
Location: Somewhere, having a beer


Return to The Back Porch

Who is online

Users browsing this forum: Captain Ned, cynan, Exabot [Bot], Flying Fox, Google Adsense [Bot], jordan199, Majestic-12 [Bot] and 5 guests