• All Community
    • All Community
    • Forums
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos2 Stats

Rating that should probably be amended on Safe Web…

Hello all,

Recent message delineated as spam indicates something to the effect of, “You have a missed ‘whatsapp’ message.  When i hovered over the clickable, it was not for say an mp3 audio file, rather, a .html extension.  [Have to be careful with those, virus payload could be on the way…]  Funny how it was under the guise of a ‘whatsapp’, i think i was just recently talking about the merits of that with someone here recently…

Anyway, in performing further investigation of the domain revealed, both Quttera AND Sucuri indicate malware:

In the above, although the page is clipped, it looks as though Sucuri indicated eight [8] traceable malware.  Quttera indicates more, however:

Looks like twenty-two [22] malicious files. 

Whereas, Safe Web (gotta’ love it) indicates the good ol’ green check of approval…

Perhaps Norton should add this Kobber.com.br to their auto-block list to even prevent navigation to the site while Safe Web fixes their rating.  Not for nothing, but, we really need Safe Web's scanning power to become stronger. 

Normally, i wouldn’t be so animated, however, when you have two [2] separate external scanners indicating malware, chances are, something should change.  I just don't want people getting stung here.

Regards,

H.B. 

Replies

Kudos0

Re: Rating that should probably be amended on Safe Web…

(Grumbles to self) Rating still not amended...

Well, i did my part, like i've said in the past, where it goes from there, God only knows...

Kudos1 Stats

Re: Rating that should probably be amended on Safe Web…

Hello Hammer Bro

I will notify Safe Web about your thread as soon as I finish this post.

Please stay tuned to this thread for a response from the Safe Web Team on Thursday night after midnight EDT.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit 2004 N 360 22.20.5.39 Chrome latest version.
Kudos1 Stats

Re: Rating that should probably be amended on Safe Web…

Hello H B

I will notify Safe Web again about this thread.

Please stay tuned to this thread for a response from the Safe Web Team on Sunday night after midnight EDT.

Have a Nice Day and

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit 2004 N 360 22.20.5.39 Chrome latest version.
Kudos0

Re: Rating that should probably be amended on Safe Web…

So, here it is almost a month later and Safe Web still gives this Kobber site a green approval stamp:

https://safeweb.norton.com/report/show?url=kobber.com.br

And....

Quttera is STILL indicating that the site is malicious:

would @Administrators like to say anything? 

Kudos1 Stats

Re: Rating that should probably be amended on Safe Web…

Hammer_Bro:
...Anyway, in performing further investigation of the domain revealed, both Quttera AND Sucuri indicate malware..In the above, although the page is clipped, it looks as though Sucuri indicated eight [8] traceable malware....

Hi Hammerbro:

Please see Dynamoo's 2015 blog entry Quttera Fails and Spews False Positives Everywhere about Quterra's backlisting of corporate sites like Cisco, VMWare, Sophos, CVE.MITRE, AVG, etc.

I re-scanned kobber.com.br today using the free Securi SiteCheck website scanner you mentioned in your original post.  Today's scan results at https://sitecheck.sucuri.net/results/kobber.com.br gave the site an overall rating of "Critical Security Risk" for multiple low risk detections for malware.generic_jsobfuscator?1.4 but Sucuri's description <here> for this generic JavaScript Obfuscator detection is fairly innocuous and states that "this obfuscator is used by quite a few legitimate scripts...":

Free remote website scanners offered by Quettera, Sucuri and other website cleaning services do not have direct server access and are prone to false positive detections. They are useful for flagging possible issues for site owners (and for general guidance for users visiting the site) but most are essentially marketing tools used to promote paid web cleaning services.  I have no idea if Kobber Food Service's Brazilian website is clean or infected but I wouldn't base a Norton Safe Web review on scan results from one of these free remote website scanners unless you're certain that the site is actually infected with malware.

Kudos0

Re: Rating that should probably be amended on Safe Web…

Hello once again lmacri,

How are you?  What i'm thinking is that if i had clicked that link from that cryptic unsolicited message, 99.99% sure it was a virus time-bomb.  That said, even outside of the results from Quttera/ Sucuri, it is interesting to note that three [3] engines from IPVoid have also blacklisted Kobber's IP.  Please see:

In scope of all this, i will maintain that Kobber is NOT safe and, Quttera/ Sucuri are on the mark, whereas (as usual) Safe Web misses the boat.  I have seen this troubling pattern for i don't know how many years.  Like i indicated earlier, i have done my part, whether Safe Web wants to play roulette with their frequenters safety is on them.

Sincerely,

H.B.   

Kudos1 Stats

Re: Rating that should probably be amended on Safe Web…

Hello H B

I am trying again with Safe Web.

Have a Nice Day and

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit 2004 N 360 22.20.5.39 Chrome latest version.
Kudos0

Re: Rating that should probably be amended on Safe Web…

Thank you, Floplot.

Kudos0

Re: Rating that should probably be amended on Safe Web…

Well, Kobber has finally come back clean according to Quttera:

It is interesting to note, that the suspicious link that i originally discussed above, has been scrubbed from the Kobber site.

I have also improved my rating for the site on Safe Web.  Please keep in mind, that that could change at any given time.  I will also take some time once more to express my disgust with the way administration handled this.  Fine, the site appears to be clean so Safe Web's "Green Approval" rating is okay now, however, that was not always the case, and, Safe Web did not make one iota worth of effort to change the rating to caution or red.  That decision, could have been catastrophic for users during that perilous time.  When contributors such as myself and others are taking time out of their day to highlight insufficient ratings on Safe Web (especially with the evidence i had here) i believe it is in the interest of Safe Web employees to take immediate action to course-correct. 

Take care,

H.B.         

Kudos1 Stats

Re: Rating that should probably be amended on Safe Web…

Hi H.B.

...Kobber has finally come back clean according to Quttera...

It may also be because we now have a 404 error on this relevant page.


This may explain why the site is clean again.

See you.

Guillaume1024

Kudos0

Re: Rating that should probably be amended on Safe Web…

Hi Guillaume,

When i directly visited the site, the malicious page with "brunchesi" whatever the heck that is (laughs) seemed to be removed, and, although the page was in a different language (probably Spanish) i believe it was directing me back to the Homepage.  It could very well be the case that that page was the hitch, however, in the testing, seemed like much more was found.  Perhaps they hired an outside firm to "clean up" their site. 

Before i go, would this happen to be you over on Safe Web: https://safeweb.norton.com/profile/Guillaume%201024

If so, interesting... i believe i found Soul recently as well in addition to Waldo (laughs) ;-)  Did you happen to get that pm i sent you?  In the event that it didn't go through, congratulations on attaining the rank of forum guru.

All the best,

H.B. 

This thread is closed from further comment. Please visit the forum to start a new thread.