Malware reported by Sucuri on landcheyenne

Jicé
Posts: 329
Joined: Wed Feb 16, 2011 1:01 am

Post by Jicé » Thu Mar 01, 2012 1:00 pm

Hi everybody,
I was checking the "landcheyenne.com" [url=http://www.mywot.com/en/scorecard/landcheyenne.com t=_self]Scorecard[/url] when I discovered that Sucuri is reporting malware on this site.
http://sitecheck.sucuri.net/scanner/?scan=landcheyenne.com
I'm not a malware specialist, so I prefer to submit this to the community.
I provide you with these 2 screen captures.
Main site
[img]http://img513.imageshack.us/img513/464/landcheyenne.png[/img]
Forum
[img]http://img651.imageshack.us/img651/7558/landcheyenneforum.png[/img]

PS: The other security check sites that I used didn't report anything. Example: VirusTotal: https://www.virustotal.com/url/58bf4f89d60b90aa5ad16d914bb77ae1c14b3759baddc60ddca41b8b9c90b0de/analysis/1330606257/

Thank you and be careful (But you know that!)

Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

RE: Malware reported by Sucuri on landcheyenne

Post by Dutch Mountain » Fri Mar 02, 2012 9:22 pm

I tend to believe Sucuri.
In the past they were the only ones who detected malware in "meetonearth.org".
Do you still remember? (I guess so, it was a flaming topic.)

To all : TAKE CARE !

A.L.P.H.A.
Posts: 173
Joined: Sun Aug 21, 2011 9:46 am

RE: Malware reported by Sucuri on landcheyenne

Post by A.L.P.H.A. » Fri Mar 02, 2012 10:04 pm

I don't know why this is happening, but I'm getting pretty much the exact same report for sites that are blatantly uninfected, like co.cc and cz.cc

The same URLs keep on coming up:

//404testpage4525d2fdc
//404javascript.js

I'm going to assume that Sucuri is having a problem, because I don't see how this can be right.

References:

http://sitecheck.sucuri.net/results/cz.cc
http://sitecheck.sucuri.net/results/co.cc

Jicé
Posts: 329
Joined: Wed Feb 16, 2011 1:01 am

RE: Malware reported by Sucuri on landcheyenne

Post by Jicé » Sat Mar 03, 2012 10:36 am

@peterbosch : Of course I remember "meetonearth.org". By the way, I finally upgraded my rating on this site.
Thank you, Peter, for your answer.

@ : Yes, it is perhaps a false positive. It's one of the reasons why I submitted this issue to the community.
On the other hand, in [url=http://www.mywot.com/en/forum/19118-problem t=_self]the case[/url] of "meetonearth.org", Sucuri was the only site checker to detect the malware, and it was really infected.
Thank you, DarkLaika, for your answer.

@Anonymouse
Posts: 262
Joined: Thu Nov 24, 2011 7:23 am

RE: Malware reported by Sucuri on landcheyenne

Post by @Anonymouse » Sat Mar 03, 2012 11:20 am

<quote user="jicé">
@peterbosch : Of course I remember "meetonearth.org". By the way, I finally upgraded my rating on this site.
Thank you, Peter, for your answer.

@ : Yes, it is perhaps a false positive. It's one of the reasons why I submitted this issue to the community.
On the other hand, in [url=http://www.mywot.com/en/forum/19118-problem t=_self]the case[/url] of "meetonearth.org", Sucuri was the only site checker to detect the malware, and it was really infected.
Thank you, DarkLaika, for your answer.
[/quote]

So Website Status: inactive
Maybe Sucuri was correct, as IMO Sucuri has a very rare FP rate.
I am unable to browse the website, though, so I can't say anything.

VT and Sucuri are quite different services, though, and can't be compared.
One (Sucuri) does real-time scanning and does not compare with any blacklists; OTOH, the VT URL scan doesn't actually scan the website, it just compares with various blacklists and submits samples to check.

Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

RE: Malware reported by Sucuri on landcheyenne

Post by Dutch Mountain » Sat Mar 03, 2012 1:23 pm

<quote user="darklaika">
I don't know why this is happening, but I'm getting pretty much the exact same report for sites that are blatantly uninfected, like co.cc and cz.cc

The same URLs keep on coming up:

//404testpage4525d2fdc
//404javascript.js

I'm going to assume that Sucuri is having a problem, because I don't see how this can be right.

References:

http://sitecheck.sucuri.net/results/cz.cc
http://sitecheck.sucuri.net/results/co.cc
[/quote]

You definitely have a point here.
But Sucuri is NOT giving the same reports and the same URLs when I visit them.
Weird .......
It would be rather disappointing if Sucuri wasn't reliable anymore.
This must be cleared, but to be honest I don't know how.
Who knows the way?


dremeda
Posts: 2
Joined: Sat Mar 03, 2012 2:14 pm

RE: Malware reported by Sucuri on landcheyenne

Post by dremeda » Sat Mar 03, 2012 2:14 pm

Hi there. That is not inaccurate.

The cc domains typically trigger an alert due to the high percentage of infected, malicious, and attack command and control domains associated with the domain extension. http://blog.sucuri.net/2011/06/google-blacklisted-all-the-cz-cc-domains.html

Sucuri has a pretty low false positive rate considering it does hundreds of thousands of scans daily.

Dre

@Anonymouse
Posts: 262
Joined: Thu Nov 24, 2011 7:23 am

RE: Malware reported by Sucuri on landcheyenne

Post by @Anonymouse » Sat Mar 03, 2012 4:22 pm

<quote user="peterbosch">
You definitely have a point here.
But Sucuri is NOT giving the same reports and the same URLs when I visit them.
Weird .......
It would be rather disappointing if Sucuri wasn't reliable anymore.
This must be cleared, but to be honest I don't know how.
Who knows the way?
[/quote]

@peter
Sucuri is in my trustworthy resources and I have very rarely seen an FP at Sucuri. Though I trust it a lot and you can too.
I can be sure that the website was infected, because of which it is down atm.

Do you know it's too hard to reply while you are travelling in a bus and an EDGE network is available for you to post?

OMG, it takes too much time to post a reply.

@Anonymouse
Posts: 262
Joined: Thu Nov 24, 2011 7:23 am

RE: Malware reported by Sucuri on landcheyenne

Post by @Anonymouse » Sat Mar 03, 2012 4:29 pm

<quote user="dremeda">
Hi there. That is not inaccurate.

The cc domains typically trigger an alert due to the high percentage of infected, malicious, and attack command and control domains associated with the domain extension. http://blog.sucuri.net/2011/06/google-blacklisted-all-the-cz-cc-domains.html

Sucuri has a pretty low false positive rate considering it does hundreds of thousands of scans daily.

Dre
[/quote]

Thanks for your response.
I already had faith in it.
Speaking specifically about co.cc domains, these are blocked by most AVs because most co.cc domains are involved in the distribution of malware.

Currently it's difficult to say anything about the said website, as it is currently not available.
See my previous post regarding this website.


Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

RE: Malware reported by Sucuri on landcheyenne

Post by Dutch Mountain » Sun Mar 04, 2012 1:22 pm

@ dremeda ( Sucuri ) and Anonymouse.
Situation is clear to me.
My trust in Sucuri is confirmed.
Thank you both for the explanation.

And eh, Dremeda - Welcome on WOT.
Nice to know that you also follow our forum and also nice to have you here.
Peter
