malware on Adobe.com, Eset.com, and certain popular commercial websites?

Discussion in 'malware problems & news' started by 072707, Nov 10, 2012.

Thread Status:
Not open for further replies.
  1. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Recently I was thinking about downloading software from Adobe.com. So, I briefly glanced at the Google Safe Browsing Diagnostic page for adobe.com before visiting that website. Google Safe Browsing has ( https://google.com/safebrowsing/diagnostic?site=adobe.com ) to say about adobe.com.

    I have seen such, apparently, bad Google Safe Browsing results for the websites of very well known commercial entities many times before and, most of the time, I am confused by those results.

    Indeed, even though I have not connected my Windows XP machine to the Internet since about 2008 I find myself really confused when I see, according to Google Safe Browsing results, ( https://google.com/safebrowsing/diagnostic?site=eset.com ) that Internet Security company Eset.com's website is affected by 10 trojans and, again according to Google Safe Browsing, suspicious content was found on Eset.com as recently as a few days ago.

    Way back when I last used my Windows XP machine for Internet access, in 2008 or so, it felt, to me, like I had thoroughly researched Eset's Nod32 before I decided it was probably the best product I was going to find for my XP machine, at that time. I mean I really did a lot of research, some of which is probably evident in a few of my old posts in these forums. So, remembering my experience with eset from all those years ago, it seems odd, to me, that they would have a website infected with malware and so forth, especially considering they are a somewhat well known computer security products company.

    I am not a Google "fanboy" or "fangirl", but I continue to believe that I can trust Google Safe Browsing results. Am I misinterpreting the results, is Google Safe Browsing not adequately explaining what the results mean, or is Google Safe Browsing wrong?

    Incidentally, McAfee SiteAdvisor usually has nothing bad to report about the aforementioned kinds of websites, at all. Does McAfee SiteAdvisor do a better job than Google Safe Browsing or is SiteAdvisor wrong in such cases? http://www.siteadvisor.com/sites/adobe.com http://www.siteadvisor.com/sites/eset.com

    note: I think I know, at least partially, why sites such as Opera.com ( https://google.com/safebrowsing/diagnostic?site=opera.com ) or, even, Google.com ( https://google.com/safebrowsing/diagnostic?site=google.com ) have bad Google Safe Browsing results, but I still end up confused when McAfee SiteAdvisor says something completely different about http://www.siteadvisor.com/sites/opera.com and http://www.siteadvisor.com/sites/google.com. To be clear, I do not think I would feel adequately protected using a McAfee antivirus product on my computer.

    note: I do, usually, try to remember to add the additional domains associated with "malicious software" identified by Google Safe Browsing to my hosts file(s). If I decide I do need to download something from adobe.com I will email their support regarding Google Safe Browsing's findings, before I actually go ahead and download anything; I guess they will, if they reply, have an adequate explanation.
     
    Last edited: Nov 10, 2012
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    They sound like more false positives by Google Safe Browsing to me... ;)
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I visit a blog at ESET.com every day with Safari, and Safari in return is using data from Google Safe Browsing that warns when you try to visit a bad website. And I haven't seen a warning when visiting ESET.com ever, not even during the last 2 weeks, go figure.....:)
     
  4. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Thanks, fax and SweX, for commenting.

    I have been curious about this Google Safe Browsing issue for a long time. It usually seems obvious that the additional domains where "malicious software is hosted" and intermediary domains "for distributing malware" that Google Safe Browsing lists on the Safe Browsing report for a particular website are bad.

    For example, https://google.com/safebrowsing/diagnostic?site=adobe.com lists https://google.com/safebrowsing/diagnostic?site=indesigning.net/ https://google.com/safebrowsing/diagnostic?site=niklih.ftpserver.biz/ https://google.com/safebrowsing/diagnostic?site=vzwsvoxkrprlqppo.waw.pl/ and https://google.com/safebrowsing/diagnostic?site=ozykufc.lflinkup.org/ as related to malicious software and malware on adobe.com. Personally, I cannot think of a circumstance where I would knowingly directly visit websites with names like those. I really do believe they are dangerous, but, again, I find it really confusing that McAfee SiteAdvisor finds no problem with websites that Google Safe Browsing indicates are really bad, malicious, etc.

    Anyway, now, as in the past, I do not believe Google or McAfee support would reply at all if I asked them about this issue, at least not with a meaningful response that explains why this issue occurs; so, I guess it will remain something I do not understand. Maybe it has something to do with ads, or something similar, being served on websites like adobe.com or eset.com, or maybe it is false positives on Google Safe Browsing's part or false negatives on McAfee SiteAdvisor's part.

    Thanks again, fax and SweX, for commenting.
     
  5. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The pages for both adobe.com & eset.com return 'clean' results i.e. it states they're currently not listed as suspicious.
     
  6. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Thanks for commenting.

    Google Safe Browsing says suspicious content was found on Eset.com as recently as just a few days ago, on November 18, and it says some part of Adobe.com was engaged in suspicious activity on 3 separate occasions in the past few months.

    If true, then, I would not consider such sites to be safe for me to use, especially after seeing the list of malicious software and activity Google Safe Browsing says has affected the sites. Look at it this way. If you and your "extended community" lived, worked, and played in a certain sea for, say, the last 17 years without ever being harmed by, or even encountering, extremely poisonous jellyfish, until the last 8 months, when 18 people have been critically wounded by jellyfish that have been reported in numerous locations previously devoid of them, would you consider it safe to continue swimming and playing, with your children, in the water there? I would not.

    Adobe is a significant company, with extensive resources. Eset is a somewhat well known manufacturer of antivirus and other computer security software. A website is simply software that runs on a remote computer, right? If Adobe or Eset, suddenly, cannot prevent their website from being affected by malicious software, then, I might avoid visiting their websites or using their products for, fundamentally, the same reason I would stop, after 17 years, riding my paddle board in waters that, suddenly, are full of potentially deadly jellyfish.

    I have always considered myself a sensible computer user with, although I hate to use the word, lots of "respect" for computer viruses, trojans, etcetera. Simply put, malicious software can ruin a computer and, in the process, cost the computer user, and even his/her friends and associates, lots, in terms of money and resources. Further, and maybe more importantly, I do not possess anywhere near a software engineer's level of understanding of how my computer(s) works; so, I, preemptively, try to do everything I can to avoid getting into a situation where my computer gets "broken", whether by malicious software, spilled grape juice, or otherwise, because I know very well I lack time, money, resources, and knowledge, to quickly act to fix any crisis.

    Indeed, one of the first things I did when I got an Intel Apple Mac computer was reinstall the operating system and install antivirus and a third party firewall on it. On more than one occasion I went into an Apple Store and was ridiculed and laughed at by Apple Store staff (fan boys and girls?) who, apparently, were more interested in deriding me and discouraging me from buying security software than they were with selling me, a customer, what I wanted to buy from the Apple Store. I remember wondering what Apple's shareholders would have said if they knew Apple staff was trying to dissuade customer(s) from buying what the Apple Store has for sale. Just as there are, I think, past posts, of mine, on WildersSecurity.com that support what I say about always trying to be a preemptively secure computer user there is also probably more than one Apple forum where old posts of mine, again, show an Apple user, myself, being "attacked" for merely doing research and inquiring about security products and maintenance procedures for a Mac computer. I happened to be just smart enough, however, to know that, historically, the relationship between Mac computers and malware has more to do with market share and, likely, "behind the scenes business maneuvers" than some esoteric attribute that makes Macs invulnerable.

    Another case in point; I had, for some considerable time, been telling an associate of mine that she probably should take certain security precautions when using the public wifi at a location that, over the years, has gained quite a reputation as a "hangout" for geeks, technology buffs, "yuppies", and college kids. One day she happened to mention that she and some of her friends had begun receiving a lot of odd email, weird phone calls, etcetera. Somehow I got on the subject of her wifi use and I reminded her that she should take more security precautions when using wifi at the aforementioned location or, at the very least, not log in to certain accounts while connected to the Internet via that wifi. Sometime later I was on the telephone with her when she got a phone call from a friend. She took so long to switch back to me that I assumed she had forgotten I was on the telephone; so I hung up. When I finally spoke to her again she said her friend was upset because a certain online service that her friend pays for has closed her account saying she was trying to "break?" their network, etcetera, and they will not refund her money. She said her friend does not know how to hack anything. I asked her if it was one of the friends she told me was getting odd emails and so forth. She said yeah; so, I asked her does her friend use the same wifi I had told her to be careful about. She said yeah. I believe her friend's account(s) was breached, via the wifi, by someone(s) who knows very well how to hack something.

    I reminded my associate that she should probably not open her email client or log into online accounts, at all, when she is using that public wifi. She said she gets a lot of work done there and the Internet there is really fast. I told her I think she should use a Virtual Private Network (VPN) whenever she uses that public wifi.

    I use http://www.securitykiss.com/. Many years ago, when I first started using 2 monitors with my computer, I kind of lamented how quickly I became "hooked". For me a 2 monitor setup really is a "step up", especially in terms of productivity, when using a computer. The increased productivity is so great that when I go mobile I actually bring a 2nd monitor to use with my laptop; I cannot think of any drawback, for me, that trumps being able to get so much more done. The SecurityKiss VPN I use, apparently, does the DNS lookup process inside the virtual private tunnel as well, which means I am not going to do more research into using a separate DNS encryption app as long as I am using SecurityKiss VPN. SecurityKiss VPN, surprisingly, seems just as fast as, if not faster than, my regular Internet connection; so, now I am kind of lamenting becoming "hooked" on using a VPN, which I believe is a significant step up, especially in terms of security. I have always recognized the benefit in "layered protection", just like wearing layered clothing to protect against cold weather. SecurityKiss VPN kind of feels like I have layered another firewall over my computer system while online and I like that.

    Here is the thing, I find it odd that Adobe.com, Eset.com, Comodo.com, and others, would be identified by Google Safe Browsing as "aiding and abetting" malicious software at all; so, I am concerned enough that I would want to know what the issue is, whether that be blatant malware, user generated content malware, ads, or false positives. I have indirectly inquired to Google and Comodo since starting this thread, but, as I expected beforehand, it does not seem like they will respond.

    I think, in the past, there was a time, when Internet access was still relatively new for the average computer user, public wifi access was virtually non-existent, and cell phones were not expected to surf the Internet and do email, where you could buy antivirus, set it up, then, pretty much forget about the prospect of getting infected. Unfortunately, especially for the average computer user, I believe we are now approaching a time where, in addition to making use of antivirus, firewall, VPN, and "software behavior profiling", it will be necessary to pay attention to various aspects of one's technology use that, while appearing innocuous on the surface, may have a high likelihood of concealing attack entry points and vulnerability exploits. I.e., packet sniffing WiFi traffic can be accomplished with easily obtainable, relatively user friendly software, third party ads and user generated content on the websites of highly regarded commercial institutions may lead to malware (https://www.wilderssecurity.com/showthread.php?t=336536), payment processing technology at, even, huge national retailers can be subverted (http://www.usatoday.com/story/money/business/2012/10/24/barnes-noble-credit-debit-tampering/1653943/), etcetera. So, for me, that means not necessarily trusting that Adobe.com is safe just because a huge company owns it, especially when Google is trying to tell me otherwise, that means not assuming my PINs, bank accounts, and private information are safe just because the local Barnes & Noble store is clean and comfortable and the cashier smiled at me. For me that means asking around at places like WildersSecurity.com; especially, when the big companies "involved" do not seem willing to give me an answer, when I am concerned about security issues related to them.

    For me that means it is probably up to me to "step up" my level of protection, because the government probably does not care, since they seem to want to establish a means to copy and monitor every single bit and byte of my private information anyway (http://www.salon.com/2012/05/06/surveillance_state_democracy/, http://news.cnet.com/8301-13578_3-57552225-38/senate-bill-rewrite-lets-feds-read-your-e-mail-without-warrants/) and because "US-based anti-virus vendors ... would on purpose leave a backdoor in their anti-virus products to allow ... a spying program to work" (http://www.zdnet.com/blog/hardware/can-you-trust-your-antivirus-solution-to-protect-you-against-governmental-backdoors-and-lawful-interception-police-trojans/15280). For me that means being slightly more curious than just saying, "Aw, it is probably nothing", when my privacy, data, and security are at stake.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,738
    Location:
    Texas
    I would simply submit what you posted here to the various companies named.

    It would be interesting to know the "suspicious" content as well.
     
  8. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Thanks, ronjor, for commenting.

    I contacted Google and Comodo via social media saying, "Google says suspicious content was found on http://Comodo.com today ... http://google.com/safebrowsing/diagnostic?site=comodo.com …". I have yet to receive any response.

    I guess I should try contacting them directly, by email, next ...

    I encounter this "suspicious" content warning from Google Safe Browsing so very often that I want a definitive answer, as well. Should I not trust the website of whatever big company (Adobe, Eset, Comodo, and on and on ...) that is being reported on or should I not trust Google Safe Browsing? I.e., do not trust the watcher or do not trust the watched?
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,738
    Location:
    Texas
    Without knowing what Google keys on, it's impossible to answer.
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Sounds like Google is having a paranoia nervous breakdown and flagging false positives.
     