Discussion in 'ESET NOD32 Antivirus' started by bradtech, Aug 10, 2009.
Is this a new definition that was pushed? Had about 7 machines this machine email in with it..
We have seen about 3 or 4 machines today (out of 130) with this alert. It looks like a false positive to me, but I could be wrong.
Could you please email some in a password protected archive to samples[at]eset.com?
I've been seeing a whole bunch. I've tried contacting ESET with no luck... but we should expect that I guess. Do you think this is an FP? Should we be worried?
Also, the logs are catching this from some reputable sites too, which is odd. Which is why I am thinking it is an FP.
I don't have a sample. Is it ok to post the link to the pages it's catching it on?
Lots of legit websites are being hacked and an iframe is inserted to redirect the user to another page to download a malicious file.
Are there more hacks today than there were yesterday? I'm seeing this come from sites like 411.com and whitepages.com
They could be FPs though.
Nothing strange going on when I visit those sites here with the security I use.
I've submitted two examples from one of the machines to the address requested above. Hope that helps.
The links are pretty deep into 411.com and whitepages.com. I didn't want to post the direct link to avoid cross contamination.
Post them inactive
here are the inactive links... change hxxp: to http:
One more quick update. I was speaking with one of my users who I know does not surf any crazy sites and he told me he got the error when he was browsing to boston.com or possibly the wallstreetjournal.com or wsj.com. These sites are pretty reputable. So I am starting to think this is a FP.
It is actually http://afe.specificclick.net/ that is blocked. It (its IP) has been placed on the list of sites with potentially dangerous content. I can't comment on whether this site deserves to be blocked or not.
This does look like it could be a FP. I am noticing it from several of our machines here. It appears to be triggered by ads on legit websites. All the links I am seeing look like they have something to do with afe.specificclick.net. The links always reference the site where they came from. One example I have seen from whitepages.com
This site is what some might call a tracking cookies site - like doubleclick.
The site will be removed from the blacklist, but it'll be added again if another piece of malware turns out to be exploiting it.
From my HOSTS File
Hope this helps.
adopt.specificclick.net #[Ad-Aware.Tracking.Cookie] <=
Mine all come from
The number goes from  to  on some machines..
It is unable to clean them...
I've been getting phone calls about this all morning, on vrbo.com and other news sites, definitely related to specificclick.net ads, but it is a false positive as I'm not seeing any exploit code on those actual links, just a Netflix ad in one case.
Are people still receiving these warnings? I keep getting them fairly often.
Last one was 26 minutes ago..
08-10-2009 14:20:03 "2:20" PM CST...
Still getting alerts. Any idea on a timeline for the next update?