Avast WEBforum

Other => Viruses and worms => Topic started by: nikola.obreshkov on October 08, 2021, 09:58:34 PM

Title: False Positive for Modern Chess website
Post by: nikola.obreshkov on October 08, 2021, 09:58:34 PM

Please, remove https://www.modern-chess.com/ from the blacklist. For the last couple of days Avast web protection has blocked our website with the message URL: Botnet. However, the hosting security detector and several online scanners all say that the website is clear. It could be related with the Facebook outage making our website to load slowly because of the not working FB Pixel integration. I have reported the website here:
https://www.avast.com/false-positive-file-form.php
Thank you!

Title: Re: False Positive for Modern Chess website
Post by: DavidR on October 08, 2021, 10:24:02 PM

Nothing found here - https://www.virustotal.com/gui/url/9e3c98dd7aaa120c40888fe7873bc46ef0dc1e2da8e07cc7ed8fd2edd5042157
Low Security Risk here - https://sitecheck.sucuri.net/results/modern-chess.com - but some hardening points to consider.
Out of date software found here - https://awesometechstack.com/analysis/website/modern-chess.com/
-  This may or may not be what Avast is alerting for - but you should certainly address this.

You should get a response from Avast in a day or two.

Title: Re: False Positive for Modern Chess website
Post by: polonus on October 08, 2021, 11:19:20 PM

This is the external link that is being flagged twice as malware by VT (an Amazon S3 bucket):
htxps://chimpstatic.com/mcjs-connected/js/users/e267209b8766c50c52ffd5128/b71817e0756f15d07c1db5ec2.js

See: https://www.virustotal.com/gui/url/46d164ae94989316abc2440f5d45828d0600507bd63b88382fafdbd416ca5660?nocache=1

polonus

Title: Re: False Positive for Modern Chess website
Post by: nikola.obreshkov on October 08, 2021, 11:40:15 PM

Dear DavidR and polonus,

thank you for your replies. I looks like that the most dangerous thing is the chimpstatic js script which is part of the MailChip integration. But then every site that uses MailChimp should be flagged as infected as well.

Regards!

Title: Re: False Positive for Modern Chess website
Post by: DavidR on October 09, 2021, 12:50:02 AM

You're welcome.

Title: Re: False Positive for Modern Chess website
Post by: polonus on October 09, 2021, 05:40:24 PM

Hi nikola.obreshkov,

It is not exactly as you put it. Hackers are abusing mailchimp to spread malware,
that is why using it means taking a risk in the case it is being abused.

Read online about this abuse: https://www.libraesva.com/hackers-using-mailchimp-spread-malware/

So there were users because of such malware that moved away from using mailchimp.

polonus

Title: Re: False Positive for Modern Chess website
Post by: nikola.obreshkov on October 09, 2021, 09:28:06 PM

I will gladly switch to another newsletter service if Avast confirms that this is the issue. So far there is no word from them.

Title: Re: False Positive for Modern Chess website
Post by: DavidR on October 09, 2021, 11:46:59 PM

Unfortunately it is still being detected.

Title: Re: False Positive for Modern Chess website
Post by: nikola.obreshkov on October 10, 2021, 09:12:26 PM

Now it should be gone. This tool:
https://www.virustotal.com/gui/domain/modern-chess.com
give all Clean.

Title: Re: False Positive for Modern Chess website
Post by: DavidR on October 11, 2021, 12:25:24 AM

Quote from: nikola.obreshkov on October 10, 2021, 09:12:26 PM

Now it should be gone. This tool:
https://www.virustotal.com/gui/domain/modern-chess.com
give all Clean.

It's not that great as it doesn't actually do a live scan of websites (only of uploaded files), it is just checking various lists.  You should notice that Avast isn't on the list for URL checks, only file scans.