Websense (Directly and via VirusTotal) - DonationCoder is Malicious

BillR:
Random Idea - Maybe a simple way to submit every(?) page of a site to VirusTotal for evaluation?  Several tools will list all links and build a tree and VT has a simple API so I guess this would be primarily a script (with a 16 second delay between submits) and some parsing of the results to build a simple report.
I've also noticed that www.some-site-xyz.com and some-site-xyz.com will return different results in VT even when one redirects to the other.

---------
Websense (Directly and via VirusTotal) - DonationCoder is Malicious   :o

http://csi.websense.com/Report/Index/a41dab39-75a2-4b34-bb68-a2b8006ae41e#

https://www.virustotal.com/en/url/330ff3ba8305a1ec7c0183711e7599abe934365ae142c07c78183676344ba724/analysis/1390140476/

https://www.donationcoder.com/Software/Mouser/findrun/downloads/FindAndRunRobotSetup.exe

Requested reclassification as productivity software because:

FARR - Program launcher for MS Windows.
Other software is also available on donationcoder.com, much of it productivity related such as ScreenshotCaptor (enhanced print/capture screen) and JottiQ (MS Windows Explorer context menu extension to submit files to Jotti.org -- security productivity).

-----
File detected:   FindAndRunRobotSetup.exe
File threat classification:   Malicious
....
The Websense ThreatSeeker Intelligence Cloud is now reclassifying this URL due to the malicious file it drops. If you suspect someone from your organization went to this URL, inspect their machines for possible malware infection. The assessment overview below does not include the results of this file analysis.
-----
Scroll to the bottom to see FARR.exe analysis
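
The script idea from the post above, as an added sketch that is not code from the thread or from VirusTotal: each link is checked under both its bare and `www.` host, lookups are spaced 16 seconds apart, and the report lists which engines flag each URL. It assumes the VirusTotal API v3 URL-report endpoint for `vt_lookup`; the `lookup` parameter, the `SAMPLE` verdicts and the engine names are constructed so the block runs offline.

```python
import base64, json, time, urllib.request
from urllib.parse import urlsplit, urlunsplit

VT_URL = "https://www.virustotal.com/api/v3/urls/"  # VirusTotal API v3 URL reports (assumed)
DELAY = 16  # seconds between lookups, the pause suggested in the post

def host_variants(url):
    """Return the URL on the bare host and on the www. host."""
    p = urlsplit(url)
    host = p.hostname or ""
    bare = host[4:] if host.startswith("www.") else host
    port = f":{p.port}" if p.port else ""
    return [urlunsplit((p.scheme, h + port, p.path or "/", p.query, ""))
            for h in (bare, "www." + bare)]

def vt_lookup(url, api_key):
    """Fetch the stored VirusTotal verdicts for one URL (needs network and a key)."""
    url_id = base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
    req = urllib.request.Request(VT_URL + url_id, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["data"]["attributes"]["last_analysis_results"]

def flagged(results):
    """Names of engines whose category is malicious or suspicious."""
    return sorted(name for name, r in results.items()
                  if r.get("category") in ("malicious", "suspicious"))

def build_report(urls, lookup, delay=DELAY, sleep=time.sleep):
    """Check each URL in both host forms, pausing `delay` seconds between lookups."""
    queue = list(dict.fromkeys(v for u in urls for v in host_variants(u)))
    report = {}
    for i, u in enumerate(queue):
        if i:
            sleep(delay)  # pause between lookups, per the post
        report[u] = flagged(lookup(u))
    return report

# Constructed sample verdicts (not real VirusTotal output) for an offline run.
SAMPLE = {
    "https://example.test/setup.exe": {"EngineA": {"category": "harmless"},
                                       "EngineB": {"category": "harmless"}},
    "https://www.example.test/setup.exe": {"EngineA": {"category": "harmless"},
                                           "EngineB": {"category": "malicious"}},
}

if __name__ == "__main__":
    for url, engines in build_report(SAMPLE, SAMPLE.__getitem__, sleep=lambda s: None).items():
        print(url, "->", ", ".join(engines) or "clean")
```

For a live run, pass `lambda u: vt_lookup(u, api_key)` as `lookup`; a URL that VirusTotal has never analyzed will raise an HTTP error that the caller should catch.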

mouser:
Thanks for the report.  Another false alarm by some lazy site -- FARR does no such thing.
Let me go look.

Notice that VirusTotal shows dozens of analyzers all reporting FARR as clean; only "Websense ThreatSeeker" has incorrectly listed it.

mouser:
Has anyone found a way to report a false positive to these Websense jokers?  It never ceases to amaze me how these security services have no problem classifying things as malware for no reason and then make it almost impossible to contact them to have it corrected.

rgdot:
What you can do if you feel a website has been incorrectly categorized.

Ask your Help Desk or IT administrator to change a website's category (they can override the Websense category). You can also suggest that Websense researchers reevaluate a categorization by e-mailing [email protected].
--- End quote ---

mouser:
thx rg
