Hey guys,
Tried to go to http://www.downthemall.net/ today and Avast blocked it… any idea why?
Interesting. In investigating this, I initially got an alert, but after just getting an update it is not detected any more.
I would gather that this means that it was a false positive and the detection has been corrected. (Definitions: 100625-0)
Report 2010-06-16 04:06:57 (GMT 1)
Website downthemall.net
Domain Hash e72f9bcffaf1f18666e98879ec5610d3
IP Address 62.149.128.72 [SCAN]
IP Hostname mxd4.aruba.it
IP Country IT (Italy)
AS Number 31034
AS Name ARUBA-ASN Aruba S.p.A. - Network
Detections 1 / 18 (6 %)
Status SUSPICIOUS
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan DETECTED
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee Trusted Source CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN
Rescan of today…
Report 2010-06-25 13:39:02 (GMT 1)
Website downthemall.net
Domain Hash e72f9bcffaf1f18666e98879ec5610d3
IP Address 62.149.128.72 [SCAN]
IP Hostname mxd4.aruba.it
IP Country IT (Italy)
AS Number 31034
AS Name ARUBA-ASN Aruba S.p.A. - Network
Detections 0 / 19 (0 %)
Status CLEAN
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN
Hi Epsi and spg SCOTT, Asyn
Yes, Asyn, URLVoid has its status as suspicious because of a Finjan detection. But the detection is now legit; go to Finjan here: http://www.finjan.com/Content.aspx?id=574 and then check for yourself. Never take things for granted, do not trust anything; that is a great lesson I have learnt.
The requested URL was analyzed and found legitimate
The latest for the Fx extension is here: http://bugs.code.downthemall.net/trac/wiki/NightlyBuilds
But with these sites and services one should always be cautious, they can come packed with malcode, however here the site can be soon cleansed, see its history: http://www.computerworld.com/s/article/9063239/Firefox_3.0_s_malware_blocker_whacks_access_to_popular_add_on_sites
http://www.msfn.org/board/topic/114403-my-hijackthis-log/
http://blog.mozilla.com/dolske/2008/02/17/user-perception-of-safebrowsing/ (issue in 2008)
So check and check these downloads again and again,
greets, your anti-malware fighting friend,
pol
VirusTotal - downthemall.net.htm - 0/41
http://www.virustotal.com/analisis/422fc14b66076672a9dd5f63026fd9cf8e5cf1672a6d2dfaec91eda0bb4a79a0-1277466062
Hi D.,
I already posted a rescan of today… (see above)
Btw, congrats to your team…!!!
asyn
Just went there now and everything worked again. Thanks, guys.
You’re welcome…!
asyn
What is wormnet PSP…??
Which servers are you referring to…?
asyn