acs.pandasoftware.com (Panda Security) infected??!!

Post Reply
Guest

acs.pandasoftware.com (Panda Security) infected??!!

Post by Guest » Wed Feb 02, 2011 6:38 pm

I was downloading the latest Panda Cloud Antivirus v 1.4 (for more information more see: http://blog.cloudantivirus.com/ ) and as usual I checked WOT scorecard and comments first

http://www.mywot.com/it/scorecard/acs.pandasoftware.com

According to Malware Patrol (see also http://www.malwarepatrol.net/stats.shtml )

Appeared on a list of malware distributors.

http://www.urlvoid.com/scan/acs.pandasoftware.com

http://www.google.com/safebrowsing/diagnostic?site=acs.pandasoftware.com (Clean)
http://safeweb.norton.com/report/show?url=acs.pandasoftware.com (Clean)
http://www.browserdefender.com/site/acs.pandasoftware.com/ (Clean)
https://zeustracker.abuse.ch/monitor.php?host=acs.pandasoftware.com (Clean)

Trend Micro Web Reputation Query - Online System
http://reclassify.wrs.trendmicro.com/wrsonlinequery.aspx
Web reputation result: This URL is currently listed as malicious.

VT URL analysis tool Result
http://www.virustotal.com/url-scan/report.html?id=861019e81b6dc5a24a3a18d753a1b562-1296665424


Firefox Clean site
G-Data Clean site
Google Safebrowsing Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site


Since I cannot access to a download directory I scanned the whole path link to the Panda Cloud Antivirus installer

Normalized URL: hxxp://acs.pandasoftware.com/cloud/PandaCloudAntivirus. exe
URL MD5: 861019e81b6dc5a24a3a18d753a1b562
Content-Type: application/octet-stream

http://www.virustotal.com/file-scan/report.html?id=66ea2217b9c51550dfecd1288df665a17e8aa753c2005a3da0fa3e1e1a24b727-1296669030
File name:
PandaCloudAntivirus.exe
Submission date:
2011-02-02 17:50:30 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)


Clean

Panda Security is also a partner of WOT
http://www.mywot.com/it/blog/163-wot-partners-with-panda-security

Since I hardly believe that Panda is engaged in the distribution of malware:

Can some security expert enlight me? Are there any recent incident reports?
Do Anyone know if Panda Security has been compromised or hacked?
Is that a false positive maybe?
I'm aware that Panda Cloud Antivirus comes with a undesiderable toolbar included, but it is not malware
(see: http://www.calendarofupdates.com/updates/index.php?showtopic=16109&st=280&p=106669entry106669 )

Thank you in advance for any possible reply






User avatar
Sami
Posts: 3506
Joined: Sat Oct 07, 2006 11:43 am

RE: acs.pandasoftware.com (Panda Security) infected??!!

Post by Sami » Wed Feb 02, 2011 7:00 pm

There are some additional details in the report from Malware Patrol. It's hard to say what happened, because the full URL is hidden. Could be a false positive too based on the low detection rate.

Guest

RE: acs.pandasoftware.com (Panda Security) infected??!!

Post by Guest » Wed Feb 02, 2011 7:31 pm

@ Sami
thank you for you fast and accurate reply
according to the link provided 3 antimalware on 43 detected a file called 183230 as infected
http://www.virustotal.com/file-scan/report.html?id=3db1586f24ebfae97edcea0c9067d3f8acbbd6f0ce58e34d20a008038b54a3dc-1296542619

as far as I know F-Prot and ClamAV are prone to false positive detections, I do not know about Commtouch

User avatar
Jazspeak
Posts: 3711
Joined: Fri Oct 17, 2008 4:20 pm

RE: acs.pandasoftware.com (Panda Security) infected??!!

Post by Jazspeak » Thu Feb 03, 2011 1:39 am

"F-Prot and ClamAV are prone to false positive detections"

I don't know about F-Prot (never used it) but I have found that Clam AV can seem to give a lot of false positives when the Potentially Unwanted Programs (PUP) detection is selected, and not when PUP detection is deselected..
~Music is not just for the Masses~

Guest

RE: acs.pandasoftware.com (Panda Security) infected??!!

Post by Guest » Thu Feb 03, 2011 5:09 pm

I don't know about F-Prot (never used it) but I have found that Clam AV can seem to give a lot of false positives when the Potentially Unwanted Programs (PUP) detection is selected, and not when PUP detection is deselected..

a good reason more to believe those detections are false positive.
Yahoo toolbar/Panda Security toolbar is not malware and can be unchecked during setup.
Not to count that only 3 antivirus on 43 detected as "malware" a file into a hidden directory, that's not enough to classify a whole website, a security related website, as engaded in the distribution of malware in my opinion

Guest

RE: acs.pandasoftware.com (Panda Security) infected??!!

Post by Guest » Sat Feb 05, 2011 7:35 pm

bumping for a reason
acs.pandasoftware.com

has been delisted

http://www.malwarepatrol.net/stats.shtml

http://www.malwarepatrol.net/cgi/search.pl?id=VzMyL0RhbWFnZWRfRmlsZS5CLmdlbiFFbGRvcmFkbw==

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests