Websense hacked? or FP?

Discussion in 'malware problems & news' started by Chato, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    By visiting hxxp://websense.com/securitylabs/alerts/alert.php?AlertID=792 the AV (Bitdefender) alerted for
    Generic.Peed.Eml.FAAAB75F which is the generic detection for e-mails sent by Peed (aka Storm, Nuwar, Peacom, etc).
    According to the AV, the malware is located in:
    websense.com/include/jsbin/i2a.js
    Screenshot

    Of course I'm very curious if this is a new spreading-method of Storm or is it a FP?
     
    Last edited: Jan 30, 2008
  2. stephanc

    stephanc Registered Member

    Joined:
    Jan 31, 2008
    Posts:
    1
    Hi Chato,

    Stephan here from Websense Security Labs, I took your post very seriously and analyzed the file in question as well as any revisions to it in the past few months, It was indeed a false positive for the AV engine, the js file in question is NOT malicious.

    Thanks,
    Stephan Chenette
    Manager, Websense Security Labs
     
  3. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    Thanks for your reply, Stephan.

    Yesterday I sent you (Websense) an e-mail about this and I was waiting for a respons.:doubt:
    But now you maked it clear that this is a FP. Thanks for that.

    I'll send a mail to Bitdefender because of this False Positive. ;)

    Regards

    Chato
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.