Hi forum friends,
Trying to open a thread on the virus and worms, I got several firekeeper alerts for:
[quote]
=== Triggered rule ===
alert (msg:"The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information"; url_content:"http://dl.dropbox.com/"; reference:url,www.malwarepatrol.net; fid:351119; rev:20130217211250;)
=== Request URL ===
http://dl.dropbox.com/u/73555776/wintoboot.JPG
[/quote]

=== Triggered rule ===
alert (msg:"The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information"; url_content:"http://dl.dropbox.com/"; reference:url,www.malwarepatrol.net; fid:351119; rev:20130217211250;)
=== Request URL ===
http://dl.dropbox.com/u/73555776/usb%20progress.JPG

Looking at a particular avast webforum virus and worms thread’s website code, I saw this being flagged:

<div class="signature" id="msg_888359_signature"><img src="htxp://i1224.photobucket.com/albums/ee362/Essexboy3/ebunite.png" alt="" width="180" height="45" class="bbc_img resized" /><br /><br /><img src="[b]htxps://dl.dropbox.com/u/73555776/EBInstructor-1_zpsd39d31dc.jpg[/b]" alt="" width="178" height="42" class="bbc_img resized" /></div>
This is because I had fed my firekeeper with the aggressive Malware Patrol block list rules, and some of them triggered an alert for an image from essexboy’s dropbox.
So this time a false alarm ;D
Why dropbox in other cases could mean a possible threat and why it has an IDS flag, read here: http://www.techrepublic.com/blog/security/dropbox-convenient-absolutely-but-is-it-secure/5618 (link article author = Michael Kassner)
By the way glad to have my special flaw of firekeeper in the browser! Even when it acted a bit over-exaggerated…
polonus
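
Added example, not part of polonus's post and not Firekeeper's own code: a small Python parser for the rule quoted above, used to check how broad its `url_content` pattern is and which URLs it fires on. It assumes `url_content` is a plain substring test against the request URL; the last URL in the sample list is constructed, and the third is the signature image address written with its real scheme.

```python
import re
from urllib.parse import urlsplit

# Rule text as quoted in the post above.
RULE = ('alert (msg:"The address you tried to access points to a Malware. '
        'Please visit http://www.malwarepatrol.net for more information"; '
        'url_content:"http://dl.dropbox.com/"; '
        'reference:url,www.malwarepatrol.net; fid:351119; rev:20130217211250;)')

# One "key:value;" option; a quoted value may itself contain ':' and ';'.
OPTION = re.compile(r'\s*(\w+):("(?:[^"\\]|\\.)*"|[^;]*);')

def parse_rule(text):
    """Split 'action (key:value; ...)' into the action and an options dict."""
    m = re.fullmatch(r'\s*(\w+)\s*\((.*)\)\s*', text, re.S)
    if not m:
        raise ValueError("not a rule: %r" % text)
    opts = {}
    for key, val in OPTION.findall(m.group(2)):
        opts[key] = val[1:-1] if val.startswith('"') else val.strip()
    return m.group(1), opts

def fires_on(opts, url):
    # ASSUMPTION: url_content is a plain, case-sensitive substring test.
    return opts["url_content"] in url

def is_host_wide(opts):
    """True when the pattern names only scheme and host, with no path."""
    parts = urlsplit(opts["url_content"])
    return bool(parts.netloc) and parts.path in ("", "/") and not parts.query

# First two URLs are from the post; the third is the signature image,
# the fourth is constructed for this example.
URLS = [
    "http://dl.dropbox.com/u/73555776/wintoboot.JPG",
    "http://dl.dropbox.com/u/73555776/usb%20progress.JPG",
    "https://dl.dropbox.com/u/73555776/EBInstructor-1_zpsd39d31dc.jpg",
    "http://dl.dropbox.com/u/00000000/constructed-example.png",
]

def evaluate(rule=RULE, urls=URLS):
    action, opts = parse_rule(rule)
    return is_host_wide(opts), [(u, fires_on(opts, u)) for u in urls]

if __name__ == "__main__":
    broad, hits = evaluate()
    print("pattern covers the whole host:", broad)
    for url, hit in hits:
        print("ALERT" if hit else "pass ", url)
```

Under that assumption the rule fires on every plain-http file served from the host, whoever uploaded it, while the https form of the same host does not match at all.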