
False positive malware warning on CBS News site

Posted: Mon Feb 04, 2013 5:22 pm
by just brew it!
Just got this:
Apparently Netseer's corporate web site got hacked. But they also use the same domain to serve out banner ads, so any site that is part of their ad network also triggers the malware warning. (Chrome/Chromium apparently use a domain blacklist.)

More info: http://www.thestreet.com/story/11831193 ... tseer.html

Amusingly enough, there's a link in that The Street article to another related article on ZDNet; but the ZDNet article (as of right now) is triggering the very malware warning the article is about!

Re: False positive malware warning on CBS News site

Posted: Mon Feb 04, 2013 6:36 pm
by shaq_mobile
:(

Just when I felt that false positives were behind us. Forget gun control, where is the virus control act!!! :)

Re: False positive malware warning on CBS News site

Posted: Tue Feb 05, 2013 10:53 am
by Arvald
just brew it! wrote:
Just got this:
Apparently Netseer's corporate web site got hacked. But they also use the same domain to serve out banner ads, so any site that is part of their ad network also triggers the malware warning. (Chrome/Chromium apparently use a domain blacklist.)


But if they got hacked is it a false positive?

I personally am annoyed by the number of exploits that my AV/IS blocks. Pretty much every single one is linked to a banner ad.

Re: False positive malware warning on CBS News site

Posted: Tue Feb 05, 2013 11:13 am
by just brew it!
Arvald wrote:
just brew it! wrote:
Just got this:
Apparently Netseer's corporate web site got hacked. But they also use the same domain to serve out banner ads, so any site that is part of their ad network also triggers the malware warning. (Chrome/Chromium apparently use a domain blacklist.)

But if they got hacked is it a false positive?

I personally am annoyed by the number of exploits that my AV/IS blocks. Pretty much every single one is linked to a banner ad.

The explanation I'm seeing is that the ad network's public web site got hacked, so as long as you don't navigate directly to their site you should be fine. The banner ads they serve are coming out of the same domain, but their ad servers are (allegedly) not affected by the hack. The browser is triggering the warning based on the domain name, without regard for whether the file(s) being served are really infected or not.

At least that's what they're saying publicly. Depending on your level of paranoia you can ignore (or not ignore) your browser's warning as you see fit.
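
The domain-granularity effect described in this thread, as an added example that is not part of any post: a simplified model of blocklist matching (not Chrome's actual implementation) showing how a domain-wide entry flags an ad embedded on an unrelated page, while a host-scoped entry flags only the compromised site. All hostnames, URLs and list entries are constructed, and treating the last two labels as the registrable domain is an assumption.

```python
from urllib.parse import urlsplit

# Constructed blocklists: the same incident listed at two granularities.
DOMAIN_WIDE = {"adnetwork.example/"}      # whole domain listed
HOST_SCOPED = {"www.adnetwork.example/"}  # only the compromised corporate host

# Constructed sample: resources a news page loads, plus the hacked site itself.
NEWS_PAGE = [
    "http://news.example/story.html",
    "http://static.news.example/site.css",
    "http://ads.adnetwork.example/serve/banner.js",
]
CORPORATE_SITE = "http://www.adnetwork.example/index.html"

def host_suffixes(host):
    """Full host first, then shorter suffixes down to the two-label domain."""
    labels = host.lower().split(".")
    # Assumption: the last two labels are the registrable domain; real code
    # would consult the Public Suffix List.
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def path_prefixes(path):
    """Full path first, then each parent directory up to '/'."""
    path = path or "/"
    prefixes = [path]
    while path != "/":
        path = path.rstrip("/")
        path = path[: path.rfind("/") + 1]
        prefixes.append(path)
    return prefixes

def is_listed(url, blocklist):
    """True if any host-suffix + path-prefix combination is on the list."""
    parts = urlsplit(url)
    return any(h + p in blocklist
               for h in host_suffixes(parts.hostname or "")
               for p in path_prefixes(parts.path))

def flagged_resources(resources, blocklist):
    """Resources on a page that would trigger the warning."""
    return [u for u in resources if is_listed(u, blocklist)]

if __name__ == "__main__":
    for name, bl in (("domain-wide", DOMAIN_WIDE), ("host-scoped", HOST_SCOPED)):
        print(name, "corporate site listed:", is_listed(CORPORATE_SITE, bl))
        print(name, "news page flags:", flagged_resources(NEWS_PAGE, bl))
```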