Malware reported by Sucuri on landcheyenne

[Jicé]

Hi everybody,
I was checking "landcheyenne.com" [url=http://www.mywot.com/en/scorecard/landcheyenne.com t=_self] Scorecard [/url]when I discovered that Sucuri is reporting malware on this site.
http://sitecheck.sucuri.net/scanner/?scan=landcheyenne.com
I'm not a malware specialist, so I prefer to submit this to the community.
I provide you with these 2 screen captures.
Main site
[img]http://img513.imageshack.us/img513/464/landcheyenne.png[/img]
Forum
[img]http://img651.imageshack.us/img651/7558/landcheyenneforum.png[/img]

PS : The others security check sites that I did use, didn't report anything. Example : virus total : https://www.virustotal.com/url/58bf4f89d60b90aa5ad16d914bb77ae1c14b3759baddc60ddca41b8b9c90b0de/analysis/1330606257/

Thank you and be careful (But you know that!)

[Dutch Mountain]

I tend to believe Sucuri.
In the past they were the only ones who detected malware in "meetonearth.org"
Do you still remember ? ( I guess so, it was a flaming topic ).

To all : TAKE CARE !

[A.L.P.H.A.]

I don't know why this is happening, but I'm getting pretty much the exact same report for sites that are blatantly uninfected, like co.cc and cz.cc

The same URLs keep on coming up:

//404testpage4525d2fdc
//404javascript.js

I'm going to assume that Sucuri is having a problem, because I don't see how this can be right.

References:

http://sitecheck.sucuri.net/results/cz.cc
http://sitecheck.sucuri.net/results/co.cc

[Jicé]

@peterbosch : Of course I remember, "meetonearth.org". By the way, I finally upgrade my rating on this site.
Thank you,Peter , for your answer.

@ : Yes, it is perhaps a false positive. It's one of the reasons why I submitted this issue to the community.
One the other hand, on [url=http://www.mywot.com/en/forum/19118-problem t=_self]the case[/url] "meetonearth.org", sucuri was the only one site checker to detect the malware and it was really infected.
Thank you,DarkLaika , for your answer.

[@Anonymouse]

<quote user="jicé">
@peterbosch : Of course I remember, "meetonearth.org". By the way, I finally upgrade my rating on this site.
Thank you,Peter , for your answer.

@ : Yes, it is perhaps a false positive. It's one of the reasons why I submitted this issue to the community.
One the other hand, on [url=http://www.mywot.com/en/forum/19118-problem t=_self]the case[/url] "meetonearth.org", sucuri was the only one site checker to detect the malware and it was really infected.
Thank you,DarkLaika , for your answer.
[/quote]

So
May be Sucuri was correct as IMO sucuri has very rare FP rate.
I am unable to browse website though can't say anything.

VT and Sucuri are quiet different services though can't be compared.
One(Sucuri) is used to do a real time scanning not compares with any blacklists OTOH VT URL scan is actually don't scan website it just compare with various blacklists and submit samples to check.

[Dutch Mountain]

<quote user="darklaika">
I don't know why this is happening, but I'm getting pretty much the exact same report for sites that are blatantly uninfected, like co.cc and cz.cc

The same URLs keep on coming up:

//404testpage4525d2fdc
//404javascript.js

I'm going to assume that Sucuri is having a problem, because I don't see how this can be right.

References:

http://sitecheck.sucuri.net/results/cz.cc
http://sitecheck.sucuri.net/results/co.cc
[/quote]

You defenitly have a point here.
But Sucuri is NOT giving the same reports and the same URL's when I visit them.
Weird .......
It would be rather disappointnig if Sucuri wasn't reliable anymore.
This must be cleared, but to be honest I don't know how.
Who knows the way ?

[dremeda]

Hi there. That is not inaccurate.

The cc domains typically trigger an alert due to the high percentage of infected, malicious, and attack command and control domains associated with the domain extension. http://blog.sucuri.net/2011/06/google-blacklisted-all-the-cz-cc-domains.html

Sucuri has a pretty low false positive rate considering it does hundreds of thousands of scans daily.

Dre

[@Anonymouse]

<quote user="peterbosch">
You defenitly have a point here.
But Sucuri is NOT giving the same reports and the same URL's when I visit them.
Weird .......
It would be rather disappointnig if Sucuri wasn't reliable anymore.
This must be cleared, but to be honest I don't know how.
Who knows the way ?
[/quote]

@peter
Sucuri is in my trustworthy resources and I have seen very
Rarely fp at sucuri. Though I trust a lot and you can too.
I can be sure that website was infected because of which it is down atm.

Do u know its too hard to reply while you are travelling in a bus and a edge network is available for you to post.

Omg it takes too much time to post a reply.

[@Anonymouse]

<quote user="dremeda">
Hi there. That is not inaccurate.

The cc domains typically trigger an alert due to the high percentage of infected, malicious, and attack command and control domains associated with the domain extension. http://blog.sucuri.net/2011/06/google-blacklisted-all-the-cz-cc-domains.html

Sucuri has a pretty low false positive rate considering it does hundreds of thousands of scans daily.

Dre
[/quote]

Thanks for your response..
I was already in faith with it.
If specifically speak about co.cc domains these are blocked by most of av because of mostly co.cc domains ate involved in distribution of malware.

currently its difficult to say anything about the said website as it is currently not available.
See me previous post regarding this website.

[Dutch Mountain]

@ dremeda ( Sucuri ) and Anonymouse.
Situation is clear to me.
My trust in Sucuri is confirmed.
Thanks you both for the explanation.

And eh, Dremeda - Welcome on WOT.
Nice to know that you also follow our forum and also nice to have you here.
Peter