What the..?!

Posts: 59
Joined: Sun Feb 01, 2009 7:05 pm

A badware warning does not mean a company turned on anyone

Post by JustAMom » Mon Feb 02, 2009 1:38 am

It doesn't matter one iota what the who-is lookup says, or how reputable the business / site is. Any website can either be compromised or be a victim of 3rd party content that is not what they expected. Revolving network ads are frequently the cause of a warning being placed on a site. Until those ads are pulled and no longer in rotation, the site places visitors in danger.

Just because they are innocent victims does not mean that a site should not be flagged. If there is a problem, even at the hands of the bad guys, the public needs to be protected until the problem is resolved. They should not adopt a false sense of security and ignore the warning just because the site is "reputable."

Posts: 1097
Joined: Fri Jun 22, 2007 12:40 am

I'm not sure what you're not getting

Post by wehaveitall » Mon Feb 02, 2009 2:50 am

It wasn't compromised, the who-is PROVES it's the SAME OWNER. I'm not sure what you don't understand about that.

And BitDefender has no ads whatsoever on their website, nor are there links to third party websites. All of their links point to pages on their own website.

The website is safe, and the warning WAS removed. It was a mistake.

A big thank you to all the WOT staff

Posts: 59
Joined: Sun Feb 01, 2009 7:05 pm

I don't get what YOU don't understand

Post by JustAMom » Mon Feb 02, 2009 3:26 am

My comments are not about whether or not the site was compromised or whether or not it was ever a danger to anyone. My comments are related to the idea being expressed here that one can tell from who-is data and "reputation" whether or not it is even feasible that a site could have been compromised. This is displaying a false sense of security.

The examples I gave were not examples that I felt were specific to this particular site. They were general examples of the number of ways that a legitimate, reputable site could be in a situation that would cause a legitimate warning.

Who-is data might be one factor used to suggest that a site may be fly-by-night and should be approached with caution. However, who-is data is not a good factor to determine that a warning is false.

The trust factor in social engineering is one thing that gets people into trouble on the internet. That same trust factor, that assumes that reputable sites cannot innocently become a part of the problem, is misplaced.

That said, I have not in any way indicated that I know (or care) one way or the other whether or not this particular instance was a false positive. My concern is when others lead people to believe that who-is data and reputation can be the final determination of whether or not a site flagged by Google is safe or not.

I can only assume from your naivety that, in your experience, the only sites you have heard about that cause redirects to fake antivirus sites or successfully download and install undesirable code are those that are truly attributed to the bad guys.

Apparently, you have never seen discussions about educational institutions and other reputable sites, that find that they have problems they didn't know about on their sites, that are causing visitors problems.

If you haven't already done so, I might suggest that you spend some time reviewing the material on the Stopbadware.org site and take a look at the discussions on the Badwarebusters.org forum sponsored by Stopbadware. It will give you a fresh look at your assumptions.

Posts: 1097
Joined: Fri Jun 22, 2007 12:40 am

Response to your comments

Post by wehaveitall » Mon Feb 02, 2009 3:52 am

The website has no redirects to third party websites, and was not compromised. No ads, and no new products or downloads. There was nothing to trigger the warning. If the website wasn't compromised, there are no links to third party websites, no ads, and no new products, then there's nothing that can cause this.

The way websites that are unaware of dangers on their own websites get those dangers, is when ads vary, links to other websites are either compromised, or dangerous links are irresponsibly put up.

The other way is when they recommend a download that is unsafe. BitDefender put nothing like this up, however, and there was nothing causing this warning.

A big thank you to all the WOT staff


I see your point, but . . .

Post by Guest » Mon Feb 02, 2009 9:50 am

Hey JustAMom,

I understand what you are saying, but being cautious about someone claiming a false positive is one issue (though Wehaveitall and several others found no evidence of a redirect in the underlying code of the site), but in this particular case it turned out to be EVERY site that was Googled . . . see Sami's and Spacequad's and Cam42's links.

An excerpt from Spaceguad's link:

"If you did a Google Internet search between 9:30 a.m. ET and 10:25 a.m. ET on Saturday, you likely were unable to access any website in the search results list."

While I agree that claiming a particular warning is a false positive may be in error, in this particular case not only did Google screw up EVERY site (and FF gets its blacklist from Google), but Wehaveitall's due diligence was spot on.

If I was unfamiliar with Wehaveitall's level of experience or otherwise doubted someone's claim of a false positive, I agree with you . . . and I certainly wouldn't visit the site. But I think that if someone made a post here that was irresponsible or led users to visit a malicious site, Sami or someone else on the WOT staff would remove that post.

Posts: 59
Joined: Sun Feb 01, 2009 7:05 pm


Post by JustAMom » Mon Feb 02, 2009 4:26 pm

I fully understand what happened with all sites being flagged with a warning that day. I also know that this site was flagged by Google before the internet fiasco and the flag was not cleared until many hours after the shock-wave had settled down.

It's always easy in hindsight to validate a claim that something was safe, but the reality is that when the first comment was made about the safety of the site, it was said in relation to depending upon who-is data. That reference using who-is data was pure speculation and should have been addressed as such.

As long as other readers view this entire thread and realize that the who-is data should not be used to claim that something is a false positive, I will be a happy camper. I don't want to see others use this as an example of how someone should second guess the state of a site that has been flagged for badware.

Thank you for your comments, as it is refreshing to see that someone actually sees my point in this discussion.
