Webroot protection insufficient for Internet Explorer


Userlevel 1
malicious attack not caught by Webroot in IE latest version...
i visit
https://www.300mbmoviess.com
 you have too much malicious attack but this isn't getting blocked
//
same is blocked in chrome
steps to produce
1. open ie with webroot extensions enabled....
2.go here 
https://www.300mbmoviess.com
3.click anywhere in page
4.you will get malicious popup which is not getting blocked in ie but in chrome same is blocked


 
In ie webroot is unable to catch this....
can we have idea@webroot threat research team

36 replies

Userlevel 7
Hi jackadision
 
Welcome to the Community Forums.
 
Thank you for your contribution.
 
Unfortunately whilst your views on the subject are fine (not that we would agree with them as we recommend that if WSA cannot deal with an infection then users should open a support ticket to avail themselves of professional assistance from the Webroot Support Team), your posting of a link to a 3rd party product (or one purported to be) is contrary to the Community Guidelines (please see HERE for these).
 
Regards, Baldrick
 
 
In order to deal with malware infection and protect your web browser you need a professional malware removal tool. This tool will allow you to get rid of any kind of malicious attack without need of any sacrifice.  
 
Symptoms of Ripper Infection
  • Computer will start behaving unpredictably
  • You will receive unexpected operating system error messages
  • BSoD Errors in Windows
  • Slow computer performance
  • Programs will display “Not Responding” error messages
 
For more: <URL snipped as posting contrary to Community Guidelines>
@ wrote:
To Webroot Community Admin & Mods,
 
> here's a notion
When I post content that violates Community Guidelines
Delete content
...and perhaps send a PM to the poster explaining why they felt obligated to do this, with helpful guidelines as to how to avoid the situation in future?
Userlevel 7
 
I concur with JP.
Whilst I agree that @bjm_'s screenshot post was not clear and initially confusing (at least for me), and also agree that it is generally not advisable to post screenshots of potential malware links on this Forum, I do feel that these reactions are a bit over the top (...as if: "We think this poster might be a troll, so let's immediately jump on him :@" ).
My feeling is that this kind of thing does no favours to this (otherwise very friendly) Forum.
Just my 2 cents worth (not asking people agree with me. Just expressing my opinion) ;)
Thanks for the great input,@Muddy7 :catwink:
 
We encourage everyone to share their opinions here on the Community, so long as they do it in a respectful manner that is not degrading to any other user.
 
Let's assume that everyone here has the best intent in their heart and not post responses that can lean towards sarcastic.
To Webroot Community Admin & Mods,
 
> here's a notion
When I post content that violates Community Guidelines
Delete content
> no need for theatrics
😉
Userlevel 1
guys relax.........
i have opened support ticket and they are able to produce problems on their test machine with internet explorer as a browser @
so it was a problem with webroot extension on internet explorer....
 
don't give classic replies(like automated system generated)
@ wrote:
What is the point you're trying to make? You just post pictures???? If you're Malware testing we ask you not to post topics on such things
@ wrote:
In my humble opinion you are helping no one but yourself...
@ wrote:


I concur with JP.
Whilst I agree that @'s screenshot post was not clear and initially confusing (at least for me), and also agree that it is generally not advisable to post screenshots of potential malware links on this Forum, I do feel that these reactions are a bit over the top (...as if: "We think this poster might be a troll, so let's immediately jump on him :@" ).
My feeling is that this kind of thing does no favours to this (otherwise very friendly) Forum.
Just my 2 cents worth (not asking people agree with me. Just expressing my opinion) ;)
@ wrote:
If you run into malicious URLs that are not blocked, you can submit a URL Categorization Change Request to have it classified as a Malware Site.
 
-Dan
this redirect from https://www.300mbmoviess.com/ here > http://secure.16rd0117.xyz/performance/bdv_rd.dbm?enparms2=9861,1801078,2447233,9812,9815,14711,10022,0,0,9816,0,1798001,469636,11667,116517107239,190348704,nlx.hhvrelnyn003&ioa=0&ncm=1&bd_ref_v=www.bidvertiser.com&TREF=1&WIN_NAME=&Category=1000&ownid=608956-407753552&u_agnt=&skter=yn003%2Bhvreln%2Bwzlomdlw%2Bvviu%2Bnoru%2Blrwfz%2Bozfw%2Bwzlomdlwyn003%2Bvreln%2Boofu&skwdb=ooz_wvvu  < is BrightCloud rated Suspicious.  I land on the redirect page with no indication of Suspicious.
this redirect from https://www.300mbmoviess.com/ here > http://free.videodownloadconverter.com/index.jhtml?partner=HJxpu684&s2=-2327324556252805479&s1=608956 is BrightCloud rated Suspicious.  I land on the redirect page with no indication of Suspicious.
Should I request 300mbmovies.com as Malware Site or each rated Suspicious as Malware Site.
Userlevel 7

Userlevel 7
In my humble opinion you are helping no one but yourself...the URLs of these sites are discernible from the screenshots and could induce a user who knows no better to try them out. As Dan has posted...if you have some sites that are suspicious or the like then submit a reputation change request.
 
That is the correct thing to do.
 
Baldrick
@ wrote:
@ wrote:


What is the point you're trying to make? You just post pictures???? If you're Malware testing we ask you not to post topics on such things so please read this:
 
Please read this:
I've added relevant content to this topic.  I am not malware testing.  
Posted pictures are related, relevant, timely content added to this thread as well intended Help for Webrooters.
My contributions to this thread are addressed to the opening post/poster and the Webroot Community. 
 
 
If you feel the need to admonish me in public, to correct in your VIP capacity some erroneous perceived Community misconduct.  What is the point you're trying to make?  
 
 
 
 
@ wrote:
If you run into malicious URLs that are not blocked, you can submit a URL Categorization Change Request to have it classified as a Malware Site.
 
-Dan
posted screenshots are redirects from https://www.300mbmoviess.com/
 
since Dan posted
quote:
We are evaluating the risks of the popups not currently being under blocked categories, however we confirm that there is no discrepancy in behavior between browsers, the different behavior depends on the URL contained in the popup. end quote
 
I've added relevant content (redirects) to this topic.  
 
 
Userlevel 7
Badge +35
If you run into malicious URLs that are not blocked, you can submit a URL Categorization Change Request to have it classified as a Malware Site.
 
-Dan
Userlevel 7
Badge +56
@ wrote:


What is the point you're trying to make? You just post pictures???? If you're Malware testing we ask you not to post topics on such things so please read this:
 
"From the Community Guidelines: https://community.webroot.com/t5/Announcements/Webroot-Community-Guidelines/td-p/2

 
No Private Testing Discussions.
"We do not condone private malware testing by end-users.  This is never a good idea, and in some areas it's actually illegal.  The whole point of antivirus software is to not get infected, and unfortunately when somebody sets a bad example, there will always be others who are influenced into following the same path.  It's not something we want to allow to be encouraged."
 
The reality is that it requires a very talented professional to do this safely, otherwise there exist huge risks of damage not only to your own computer but also a risk of releasing the malware to others. The average user is simply not safe in attempting this, yet discussion regarding it would encourage others to try it, with potentially disastrous results.
 
Think of it like a beginner PC tech working from home with no real training or experience. How often have we heard stories of a PC being brought to the 'kid next door' to be worked on with disastrous results? Plenty!
 
We always advise that general users never attempt hardware repair on their own due to the risks, and the same holds true here.
 
This Forum, provided by Webroot, is designed with the average user in mind, to help them with day to day problems using the software, just as many PC troubleshooting forums sponsored by the PC manufacturers do not go into the technical areas of hardware repair.
 
We therefore are asking you to remove any references regarding the testing of malware and refrain from doing so in the future. But we are also happy to answer any questions, that conform to these guidelines. If you have some specific details of malware tests that you wish to present and/or query with Webroot then this is best done directly rather than here, and can be accomplished by Opening a Support Ticket, which will most probably be passed to one of Webroot's professional Threat Researchers for review & progressing.
 
Thank you for your understanding and co-operation in this matter."

Userlevel 7
Badge +56
@ wrote:
webroot can have lookup here to update brightcloud...they have ransomware domain list too and update it according to virustotal
 
<url snipped as inappropriate>
WSA has many more sensors:
 
 

 

 
Userlevel 1
webroot can have lookup here to update brightcloud...they have ransomware domain list too and update it according to virustotal
 
<url snipped as inappropriate>
Userlevel 7
Badge +56
@ wrote:
We have tested the URL https://www.300mbmoviess.com/ on our VMs, the popup URLs change not only from browser to browser, but also each time you access the website again.

We are evaluating the risks of the popups not currently being under blocked categories, however we confirm that there is no discrepancy in behavior between browsers, the different behavior depends on the URL contained in the popup.
 
-Dan
Thanks Dan!
 
Daniel 😉
Userlevel 7
Badge +35
We have tested the URL https://www.300mbmoviess.com/ on our VMs, the popup URLs change not only from browser to browser, but also each time you access the website again.

We are evaluating the risks of the popups not currently being under blocked categories, however we confirm that there is no discrepancy in behavior between browsers, the different behavior depends on the URL contained in the popup.
 
-Dan
Userlevel 7
Badge +56
@ wrote:
myself want to clarify that malicious popup/phishing should be blocked by webroot in internet explorer as this was blocked in chrome/firefox
Please Submit a Support Ticket so they can get the said Website from you and they will look after it for you and see if there is an issue as to why it's not blocked in IE! Can you post the link so we can check it? @ @
 
Thanks,
 
Daniel 😉
Userlevel 1
myself want to clarify that malicious popup/phishing should be blocked by webroot in internet explorer as this was blocked in chrome/firefox
@ wrote:
 
That's odd. I don't get a page block from Webroot at all in Firefox, either. It goes straight to the site. Here's the site in my Google search returns.
 


I don't know. There are obviously differences based on users' individual setups. But as Baldrick has stated, you're still protected from any malicious payload should anything try to execute. Personally, I would just use a different site as that one appears very problematic. I avoid any site that forces popups, popunders, etc. But that's just me. Everyone has their own preference and opinion. ;)
 
BD
 
from opening post
-----------------------------------------------------------
quote
steps to produce
1. open ie with webroot extensions enabled....
2.go here 
https://www.300mbmoviess.com
3.click anywhere in page
4.you will get malicious popup which is not getting blocked in ie but in chrome same is blocked
--------------------------------
FWIW ~ I reproduced redirect and subsequent page block w Firefox and Chrome (yesterday) by clicking on open area in 300mbmovies page header.  
 
(sorry about edits.....impaired vision)
Hello again -
 
We have reviewed 300mbmoviess.com/ and have updated the site to a reputation score of 21 per your suggestion. This change is now published in the BrightCloud Service and is available in Database version 5.144.
 
Thanks again for your suggestion!
- Webroot BrightCloud Threat Intelligence Support
Userlevel 7
Badge +34
Well spotted eagle eyes! 😃
Userlevel 7
Badge +56
Someone please post the correct URL to the Blocked site! This is not the correct URL showing in the Blocked pages posted: https://www.300mbmoviess.com
@
 
03/29 21:37:40:693 2716 Info: UrlCat Ticks=157 Br= [{"URL":"https://www.300mbmoviess.com/","CAT.CONF":["30.90","78.90"],"BCRI":80,"ALCAT":0,"RTAP":0,"BLK":0,"REF":1}]
03/29 21:37:42:087 2716 Info: OPERATION_PHRESHFISH Handle=00000C74 RESET
03/29 21:37:42:324 2716 Info: OPERATION_GETCONFIG Br=
03/29 21:37:42:324 2716 Info: Browser: Firefox
03/29 21:37:42:362 2716 Info: UrlCat Ticks=0 Br= [{"URL":"https://www.300mbmoviess.com/","CAT.CONF":["30.90","78.90"],"BCRI":80,"ALCAT":0,"RTAP":0,"CACHED":1,"BLK":0,"REF":1}]
03/29 21:37:42:491 2716 Verbose: PhreshPhish to server request
03/29 21:37:42:753 2716 Info: PhreshPhish Score=1 Ticks=344 Phish=0 White=0 Url=https://www.300mbmoviess.com/
03/29 21:37:42:753 2716 Info: PHISH Br= [{"ISPHIS":0,"ISWHT":0,"SCORE":1}]
 


 


 
03/29 21:45:16:819 2716 Info: Browser: Firefox
03/29 21:45:17:877 2716 Info: OPERATION_PHRESHFISH Handle=00000C74 RESET
03/29 21:45:21:097 2716 Info: UrlCat Ticks=94 Br= [{"URL":"https://budgement.info/","CAT.CONF":["57.70"],"BCRI":10,"ALCAT":1,"RTAP":0,"BLK":1,"BLKREASON":57,"EXTRA":"","REF":1}]
03/29 21:45:21:423 2716 Info: OPERATION_PHRESHFISH Handle=00000C74 RESET
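
Added example, not part of the original thread and not Webroot code: a small Python parser for `UrlCat` lines like those in the log excerpt above, listing which URLs were categorised but not blocked. It assumes `BLK` is the block flag and `BCRI` the reputation value, as the excerpt suggests; the function names and the sample lines are constructed for illustration.

```python
import json
import re

# Constructed sample, modeled on the log excerpt above; the last line is
# deliberately cut off to show that incomplete entries are skipped.
SAMPLE_LOG = """\
03/29 21:37:40:693 2716 Info: UrlCat Ticks=157 Br= [{"URL":"https://www.300mbmoviess.com/","CAT.CONF":["30.90","78.90"],"BCRI":80,"ALCAT":0,"RTAP":0,"BLK":0,"REF":1}]
03/29 21:37:42:087 2716 Info: OPERATION_PHRESHFISH Handle=00000C74 RESET
03/29 21:37:42:362 2716 Info: UrlCat Ticks=0 Br= [{"URL":"https://www.300mbmoviess.com/","CAT.CONF":["30.90","78.90"],"BCRI":80,"ALCAT":0,"RTAP":0,"CACHED":1,"BLK":0,"REF":1}]
03/29 21:45:21:097 2716 Info: UrlCat Ticks=94 Br= [{"URL":"https://budgement.info/","CAT.CONF":["57.70"],"BCRI":10,"ALCAT":1,"RTAP":0,"BLK":1,"BLKREASON":57,"EXTRA":"","REF":1}]
03/29 21:45:22:000 2716 Info: UrlCat Ticks=12 Br= [{"URL":"https://cut-off.example/
"""

# Timestamp, process id, then the JSON array that follows "Br= ".
URLCAT = re.compile(
    r"^(\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) \d+ Info: UrlCat Ticks=\d+ Br= (\[.*\])\s*$"
)

def parse_urlcat(log_text):
    """Yield one dict per URL verdict in UrlCat lines; skip all other lines."""
    for line in log_text.splitlines():
        m = URLCAT.match(line)
        if not m:
            continue  # a different operation, or a line cut off mid-JSON
        try:
            entries = json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # array brackets present but contents damaged
        for e in entries:
            yield {"time": m.group(1), "url": e.get("URL"),
                   "bcri": e.get("BCRI"),              # assumed: reputation value
                   "blocked": e.get("BLK") == 1,       # assumed: block flag
                   "reason": e.get("BLKREASON"),
                   "cached": e.get("CACHED") == 1}

def verdicts_by_url(log_text):
    """Collapse repeated lookups: url -> (bcri, blocked) from the last verdict."""
    return {v["url"]: (v["bcri"], v["blocked"]) for v in parse_urlcat(log_text)}

def allowed_urls(log_text):
    """URLs the log shows were looked up but not blocked."""
    verdicts = verdicts_by_url(log_text)
    return sorted(u for u, (_, blocked) in verdicts.items() if not blocked)

if __name__ == "__main__":
    for url, (bcri, blocked) in verdicts_by_url(SAMPLE_LOG).items():
        print(f"{'BLOCKED' if blocked else 'allowed'}  BCRI={bcri}  {url}")
```

Comparing the output of `allowed_urls` between browsers is a quick way to attach evidence to a support ticket or a URL categorization change request.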
 
 
