
Malware Infected Website

I tried to access a sample website that has been reported as containing malware. However, when I tried to access the site, how come Sophos cannot detect that the website has malware, and even file downloads are not blocked? I got a notification from my browser that the downloaded content is not safe, but you have the option to save the file.

You can try to access this address to test.

http://dl-byte.com/chrome/chrome_11.0.696.68.exe



Fake website: It is using the name of Microsoft.

Can you please include this site and any related URLs to be blocked under the Live URL Filtering feature? Thanks.




  • Hello kheiren,

    As this thread suggests, use "submit a file sample" to send the URL and write that you want it to be scanned in the "Why do you want to send this sample?" box (you might additionally submit one of the files).

    Christian

  • After replying I have submitted the URL and also a sample from the site. About half an hour ago I received the reply with the analysis results.

    As of now the site is already blocked as High Risk. In addition I have received the following information:


    Thank you for contacting Sophos Technical Support.

    **Please note that this is an automated response. If you have any questions, require assistance or clarification on this analysis, please feel free to reply to this email quoting this case number in the subject line.**

    The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.

    • firefox_5.0.1.exe -- identity created/updated (New detection Troj/FakeAV-EKQ)
    • 3.tmp -- identity created/updated (New detection Troj/FakeAV-EKQ)
    • 2.tmp -- identity created/updated (New detection Troj/FakeAV-EKS)
    • Security Protection.lnk -- non-malicious
    • defender.exe -- identity created/updated (New detection Troj/FakeAV-EKS)
    • Suspicious site.txt -- non-malicious
    • firefox_5.0.1.zip -- archive file

    The sample I've kept is also already detected as Troj/FakeAV-EKQ (note that 3.tmp, 2.tmp and defender.exe would have been created had I run the firefox_5.0.1.exe).

    So - whenever you encounter something suspicious please send in a sample.

    Christian
