Closed Bug 1328191 Opened 7 years ago Closed 7 years ago

Malware false positive on emptyloop.com

Categories

(Toolkit :: Safe Browsing, defect, P5)

Product:
Toolkit
Component:
Safe Browsing
Platform:
Unspecified
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: david, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Error popup when blocking http://www.emptyloop.com/unlocker/
18.93 KB, image/jpeg
Details 
Windows 7 Ultimate SP1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 SeaMonkey/2.46
Preference variable browser.safebrowsing.malware.enabled set to True

I have been using the Unlocker application from the cited URI for many years.  Every so often, I visit that site to see if there is an update.  With SeaMonkey 2.46, my access is blocked with the malware popup seen in the attachment.  I can unblock it by changing browser.safebrowsing.malware.enabled to False, but that should not be necessary.  

With AVG Anti-Virus LinkScanner Surf Shield enabled, the site is not flagged as containing malware.
This site has been flagged as dangerous by Google (last updated on 2017-01-09):

> Current status: Dangerous
> 
> emptyloop.com/unlocker contains harmful programs.
> 
> Site Safety Details:
> 
> - Some pages on this website send visitors to dangerous websites.
> - Some pages on this website install malware on visitors' computers.
> - Attackers on this site might try to trick you into installing programs
> that harm your browsing experience (for example, by changing your homepage
> or showing extra ads on sites you visit).

See https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=http://www.emptyloop.com/unlocker/ for the full report.

Instructions for the site owner on how to clean their site are available here: https://www.google.com/webmasters/hacked/
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
The fact that Google thinks this is a dangerous Web site does not make it so.  The WebScanner component of AVG Anti-Virus does not think this site is dangerous.  I believe this to be a false-positive that, if not corrected, will cause users to disable Safe Browsing for malware sites (as I have done).  

I sent an E-mail to the owner of the site, suggesting that Google be contacted.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to David E. Ross from comment #2)
> I sent an E-mail to the owner of the site, suggesting that Google be
> contacted.

Thank you.

Since we get the list of malware/unwanted software from Google, that's the correct way to fix any false positives in the list.
Priority: -- → P5
(In reply to François Marier [:francois] from comment #3)
> (In reply to David E. Ross from comment #2)
> > I sent an E-mail to the owner of the site, suggesting that Google be
> > contacted.
> 
> Thank you.
> 
> Since we get the list of malware/unwanted software from Google, that's the
> correct way to fix any false positives in the list.

However, the owner of the site is an individual, not a business or organization.  Thus, he or she is in a much weaker position than Mozilla, which already has an established relationship with Google with regard to safe browsing.  Thus, Mozilla should also contact Google.
Summary: False Positive on Malware at a Web Site → Malware false positive on emptyloop.com
To a casual examination, the Emptyloop site links to enough third-party file hosting services - including some the page itself describes as unauthorized - that at least some of the criteria listed in Google's site diagnostic report seem very likely to be legitimate.

David: While you may disagree with their decisions, reopening bugs is not an effective way of voicing your disagreement. Our engineers' decisions about bug resolution are not negotiations, and Francois' decision stands.
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: