V3.co.uk store flagged as malware site by Google

Discussion in 'malware problems & news' started by acr1965, Jul 29, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Interesting that Google Safe Browsing today flags the v3.co.uk store as a malware site.
     

    Attached Files:

    • v3.jpg
      v3.jpg
      File size:
      71.9 KB
      Views:
      11
    • v3a.jpg
      v3a.jpg
      File size:
      151.7 KB
      Views:
      8
    • v3b1.jpg
      v3b1.jpg
      File size:
      77.9 KB
      Views:
      575
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    acr1965, I just went to URLVoid and asked it to re-scan v3.co.uk (the report was a month old) - all clean.

    2010-07-29_205507.gif
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    It's still blocked for me. And now the diagnostic page shows:

    "Of the 7 pages we tested on the site over the past 90 days, 7 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-07-29, and the last time suspicious content was found on this site was on 2010-07-29."

    So it's been recently updated from 3 pages scanned.
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    acr1965, I assume you are using Google Chrome, yes? What version?

    In the meantime, can anyone else confirm acr1965's findings?
     
  5. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    It seems to be clean here. I also surfed from Google Chrome.:)
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Clean here too.
    Google Chrome V6 :rolleyes:
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I believe I have the latest stable version-
     

    Attached Files:

  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    OK, I used the same Portable version 5.0.375.125 (from PortableApps.com) and I can acces v3.co.uk without any issues.

    Also, went directly to this URL: http://www.google.com/safebrowsing/diagnostic?site=http://v3.co.uk and it says:

    What is the current listing status for v3.co.uk?
    This site is not currently listed as suspicious.

    What gives? :doubt:
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    try store.v3.co.uk
    http://www.google.com/safebrowsing/diagnostic?site=http://store.v3.co.uk

    My screen shows "listed as suspicious"

    I guess because google says the store page hosts malware the whole site is listed as suspicious.
     
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    acr1965, CONFIRMED! Both in my Portable Google Chorme and FF 3.6.8.

    No warnings with the main site v3.co.uk and its App Store tab. However, as soon as the store.v3.co.uk image is clicked, I see it!
     
  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Yep store.v3.co.uk is listed as suspicious... I saw that too. So, is it a FP..!!?
     
  12. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    sg09, at this time, it is not a False Positive! Heed the warning. Even URLVoid lists store.v3.co.uk as suspicious due to Google Diagnostic.
     
  13. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
     
  14. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    hmmm.....i get this9first screenie) in opera.... and this in chrome where kis says trojan d/l (second screenie)
     

    Attached Files:

  15. abu shofwan

    abu shofwan Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    358
    Location:
    Earth
    same result as you visit -http://www.v3.co.uk/downloads/-

    Malware detected :doubt:
     
    Last edited by a moderator: Jul 30, 2010
  16. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Looks all clear now. I wonder if this was a false positive or not.

    The google diagnostic page shows 7 pages with malicious downloads over the last 90 days (I think all 7 were yesterday). Yet the site is not listed as suspicious. How many other web sites can claim as many malicious downloads yet being given a clean bill of health by google?
     

    Attached Files:

    • v3.jpg
      v3.jpg
      File size:
      88.2 KB
      Views:
      438
    Last edited: Jul 30, 2010
  17. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    acr1965, I believe your thread proves that future visitors to this v3.co.uk site need to be aware of the site's malware history and surf it very carefully. Thanks for bringing this matter to everyone's attention. :thumb:
     
  18. chriswiles

    chriswiles Registered Member

    Joined:
    Mar 27, 2010
    Posts:
    209
    As the manager of the "downloads" section on v3.co.uk and, of course, the store, I can reassure you there is no history of malware associated with the site.

    The problem with running any software downloads site, however, is that it's all-too-easy to receive a false positive or for someone to simply report either a page or a site as malware.

    Ironically someone malicious can easily claim your site is malicious by reporting it here: http://badwarebusters.org/community/submit

    What happened in the case of store.v3.co.uk is that someone reported a script as malicious, thus any site using that script was flagged as "potentially damaging to your computer" through Google. Only Firefox and Google warned, however, as these browser now use the stopbadware.org database - also used by Google - which is a user-powered database.

    The Google warning lasted a few hours - as soon as we were notified, we asked them to run a report on the site(s) and they were immediately flagged as clean and malware-free, which they were in the first place.

    It's really worrying that these warnings end up causing debates as they are unnerving to many users. Flagging up malicious site warnings after users reporting the site as containing malware, doesn't always prove to be a reliable benchmark.

    V3.co.uk is part of Incisive Media. Incisive Media are one of the largest UK publishers and responsible for Computing, Computeractive, TheInquirer and many other websites.

    Chris Wiles
    Incisive Media
     
  19. chriswiles

    chriswiles Registered Member

    Joined:
    Mar 27, 2010
    Posts:
    209
    On a sidenote, we're in discussion with Kaspersky to sign up to their forthcoming "Trusted Source" scheme where they run a periodic scan on files we host and, in return, we can display a "Kaspersky Trusted" logo.

    The Kaspersky scheme goes live in September.

    Problem is, this only applies to files we host and, like any downloads site, most links are provided directly by the software developer. It also will not take in to account any (reported) malicious script, as affected our store.

    Chris.
     
  20. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    Chris Wiles, we appreciate your comments and the steps you are taking to ensure that your store is clean. Keep in mind that Wilders can not control what Google reports, and when a member posts a potential malware site, it is our duty and responsibility to check it out, in order to prevent less experienced members from possibly getting infected.

    In your store's case, whether it was a false positive or not, we had to exercise caution and warn our members. Thank you for posting and letting Wilders know what was happening. You are always welcome to post any pertinent information, should the same thing happen again.
     
  21. chriswiles

    chriswiles Registered Member

    Joined:
    Mar 27, 2010
    Posts:
    209
    Many thanks.

    In a twist of irony, we're giving away a full version of a tier-1 brand security app this coming Thursday, through the V3.co.uk Software Store. I'll announce this on Monday.

    Chris.
     
  22. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Why does Kaspersky alert?
     
  23. chriswiles

    chriswiles Registered Member

    Joined:
    Mar 27, 2010
    Posts:
    209
    It shouldn't do. Can you check for me? We can't replicate that here. Let me know if you do and which version of Kaspersky IS.

    We have direct contact with Kaspersky as we're joining their "Trusted Source" scheme in September.

    Our assumption is that someone received a warning about this script on the store and reported it as "malicious" which then led to the badware-powered Google warning :(

    The script drives the promo images on the store.

    Chris.
     
    Last edited: Aug 8, 2010
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I don't run kaspersky right now and I was just making a comment based on the pic posted by kasperking above. Maybe he can supply info from the kaspersky log regarding the alert if it's still available.
     

    Attached Files:

    • kav.jpg
      kav.jpg
      File size:
      16.5 KB
      Views:
      242
  25. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    I can confirm that Kaspersky no longer reports store.v3.co.uk.
     
Loading...
Thread Status:
Not open for further replies.