If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Malware false positive on emptyloop.com

RESOLVED WONTFIX

Status

()

Toolkit
Safe Browsing
P5
normal
RESOLVED WONTFIX
9 months ago
8 months ago

People

(Reporter: David E. Ross, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

9 months ago
Created attachment 8823148 [details]
Error popup when blocking http://www.emptyloop.com/unlocker/

Windows 7 Ultimate SP1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 SeaMonkey/2.46
Preference variable browser.safebrowsing.malware.enabled set to True

I have been using the Unlocker application from the cited URI for many years.  Every so often, I visit that site to see if there is an update.  With SeaMonkey 2.46, my access is blocked with the malware popup seen in the attachment.  I can unblock it by changing browser.safebrowsing.malware.enabled to False, but that should not be necessary.  

With AVG Anti-Virus LinkScanner Surf Shield enabled, the site is not flagged as containing malware.
This site has been flagged as dangerous by Google (last updated on 2017-01-09):

> Current status: Dangerous
> 
> emptyloop.com/unlocker contains harmful programs.
> 
> Site Safety Details:
> 
> - Some pages on this website send visitors to dangerous websites.
> - Some pages on this website install malware on visitors' computers.
> - Attackers on this site might try to trick you into installing programs
> that harm your browsing experience (for example, by changing your homepage
> or showing extra ads on sites you visit).

See https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=http://www.emptyloop.com/unlocker/ for the full report.

Instructions for the site owner on how to clean their site are available here: https://www.google.com/webmasters/hacked/
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → WONTFIX
(Reporter)

Comment 2

9 months ago
The fact that Google thinks this is a dangerous Web site does not make it so.  The WebScanner component of AVG Anti-Virus does not think this site is dangerous.  I believe this to be a false-positive that, if not corrected, will cause users to disable Safe Browsing for malware sites (as I have done).  

I sent an E-mail to the owner of the site, suggesting that Google be contacted.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to David E. Ross from comment #2)
> I sent an E-mail to the owner of the site, suggesting that Google be
> contacted.

Thank you.

Since we get the list of malware/unwanted software from Google, that's the correct way to fix any false positives in the list.
Priority: -- → P5
(Reporter)

Comment 4

9 months ago
(In reply to François Marier [:francois] from comment #3)
> (In reply to David E. Ross from comment #2)
> > I sent an E-mail to the owner of the site, suggesting that Google be
> > contacted.
> 
> Thank you.
> 
> Since we get the list of malware/unwanted software from Google, that's the
> correct way to fix any false positives in the list.

However, the owner of the site is an individual, not a business or organization.  Thus, he or she is in a much weaker position than Mozilla, which already has an established relationship with Google with regard to safe browsing.  Thus, Mozilla should also contact Google.
Summary: False Positive on Malware at a Web Site → Malware false positive on emptyloop.com

Comment 5

8 months ago
To a casual examination, the Emptyloop site links to enough third-party file hosting services - including some the page itself describes as unauthorized - that at least some of the criteria listed in Google's site diagnostic report seem very likely to be legitimate.

David: While you may disagree with their decisions, reopening bugs is not an effective way of voicing your disagreement. Our engineers' decisions about bug resolution are not negotiations, and Francois' decision stands.
Status: REOPENED → RESOLVED
Last Resolved: 9 months ago8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.