Websense hacked? or FP?

Discussion in 'malware problems & news' started by Chato, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    By visiting hxxp://websense.com/securitylabs/alerts/alert.php?AlertID=792 the AV (Bitdefender) alerted for
    Generic.Peed.Eml.FAAAB75F which is the generic detection for e-mails sent by Peed (aka Storm, Nuwar, Peacom, etc).
    According to the AV, the malware is located in:
    websense.com/include/jsbin/i2a.js

    Of course I'm very curious: is this a new spreading method of Storm, or is it an FP?
     
    Last edited: Jan 30, 2008
  2. stephanc

    stephanc Registered Member

    Joined:
    Jan 31, 2008
    Posts:
    1
    Hi Chato,

    Stephan here from Websense Security Labs. I took your post very seriously and analyzed the file in question as well as any revisions to it in the past few months. It was indeed a false positive for the AV engine; the js file in question is NOT malicious.

    Thanks,
    Stephan Chenette
    Manager, Websense Security Labs
     
  3. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    Thanks for your reply, Stephan.

    Yesterday I sent you (Websense) an e-mail about this and I was waiting for a response. :doubt:
    But now you made it clear that this is a FP. Thanks for that.

    I'll send a mail to Bitdefender because of this False Positive. ;)

    Regards

    Chato
     