Hi All,
there's a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn't doing any harm up until recently as every DNS server should be reporting that domain as non-existent.
Note this response from Google DNS servers:
nslookup su2.ff.avast.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find su2.ff.avast.com: NXDOMAIN
What seems to be happening is this. Some ISPs are possibly using this service
www.barefruit.co.uk for returning custom (advertising?) content to many network related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as a malware content.
We'll disable queries to this domain into the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.
Regards.