American Express Website - Infection Blocked Popup

[REDACTED]

I access online.americanexpress.com every day. This morning I got the "Avast Infection Blocked" pop up. This has never happened before

Here is the screen shot.

HELP!!!!!

[REDACTED]

Me too....it was fine yesterday and not today. This is critical........

[REDACTED]

Following this post. I had the same problem today and had to disable webshield in order to go to the site.

[REDACTED]

I am having the same issue with everything American Express.

[DavidR]

Just tried it on the home page americanexpress.com, it redirects to the UK address and that also throws up an alert (image1).

I clicked the link in the alert window to report as a false positive, but I get an error when trying to report it (image2).

[REDACTED]

Still can’t log on to Amex and I need to make a payment today.  Very aggravating, I tried to disable the Avast Web scan and get a series of errors. Here’s what happens:
First I go to “Tools” on the Avast menu. Then Web Shield. I click on “Disable” it goes to my Macbook Pro account login. I enter my passwprd  and click on “Install Helper”. I then get a “Authorization Failed” pop up. I click OK and then get “Communication with Avast Failed” pop up. I click OK and then get “Configuration Error” pop up. I click OK and then it goes back to the Avast Tools menu.
How do I disable the Web Shield?

[DavidR]

Whilst this would ordinarily go in the viruses and worms sub-forum, the fact you are using the avast 4 Mac version, you might some information on disabling the Web Shield https://forum.avast.com/index.php?board=5.0.

Most of the people using this forum will be using the windows version of avast, so won't be familiar with the Mac version of avast.

[Asyn]

-> https://forum.avast.com/index.php?topic=188020.0

[REDACTED]

Here's a twist to this.  Normally, I use the latest version of Firefox.  And when I logged onto "www.americanexpress.com" this morning, I got the block.

But ...

When I used the latest version of Internet Explorer, no block, no problem.  Does Avast "selectively" block sites based on the browser someone is using?

[bob3160]

Here's a twist to this.  Normally, I use the latest version of Firefox.  And when I logged onto "www.americanexpress.com" this morning, I got the block.

But ...

When I used the latest version of Internet Explorer, no block, no problem.  Does Avast "selectively" block sites based on the browser someone is using?

Almost sound like the block is coming from the AOS tool since it works in Firefox but not in IE

[DavidR]

Here's a twist to this.  Normally, I use the latest version of Firefox.  And when I logged onto "www.americanexpress.com" this morning, I got the block.

But ...

When I used the latest version of Internet Explorer, no block, no problem.  Does Avast "selectively" block sites based on the browser someone is using?

Today I was able to connect without alert, using firefox latest 47.0.1 version and avast on-line security (AOS) plug-in. Yesterday I was getting alerts when I tested this.

[polonus]

Hi DavidR,

But detected insecurity for the certificate used on/for that Akamai's HTTP Acceleration/Mirror service:
a184-86-178-164.deploy.static.akamaitechnologies.com

Certificate is not installed correctly
a184-86-178-164.deploy.static.akamaitechnologies.com
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by GeoTrust Inc. to help secure personal and financial information.
Common name:
 americanexpress.com
SAN:
 m.americanexpress.com, web.aexp-static.com, m.aexp-static.com, secure.americanexpress.com, rewards.americanexpress.com, cms.americanexpress.com, www.aexp-static.com, www.americanexpress.com, community.americanexpress.com, developer.americanexpress.com, rewards.aexp-static.com, wwwaiu.americanexpress.com, cardapp.americanexpress.com, amexmobile.com, www.amexmobile.com, secure.cmax.americanexpress.com, home-int.americanexpress.com, network.americanexpress.com, pub.aexp-static.com, icm.aexp-static.com, home.americanexpress.com, americanexpress.com
Valid from:
 2016-May-10 00:00:00 GMT
Valid to:
 2017-Jun-09 23:59:59 GMT
Certificate status:
 Valid
Revocation check method:
 OCSP
Organization:
 American Express Travel Related Services Company Inc
Organizational unit:
 Consumer
City/locality:
 Phoenix
State/province:
 Arizona
Country:
 US
Certificate Transparency:
 Embedded in certificate
Serial number:
 4ebd4a85ffcfa86506233ca735c1bfbf
Algorithm type:
 SHA256withRSA
Key size:
 2048
Certificate chainShow details
GeoTrust SSL CA - G3Intermediate certificate
americanexpress.comTested certificate
Server configuration
Host name:
 a184-86-178-164.deploy.static.akamaitechnologies.com
Server type:
 AkamaiGHost
IP address:
 184.86.178.164
Port number:
 443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
 Enabled
Downgrade attack prevention:
 Enabled
Next Protocol Negotiation:
 Enabled
Session resumption (caching):
 Enabled
Session resumption (tickets):
 Enabled
Strict Transport Security (HSTS):
 Not Enabled
SSL/TLS compression:
 Not Enabled
Heartbeat (extension):
 Not Enabled
RC4:
 Not Enabled
OCSP stapling:
 Not Enabled

Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST
CRIME

Here a CNames' survey:
https://www.robtex.org/en/advisory/dns/com/americanexpress/www/
with a minus 10 points score from VT, because 2 pages found, triggering on average 1% antiviruses

This for the Amsterdam situation.

polonus

[DavidR]

@ polonus,
That may well be the case, but I rather doubt that was why avast was alerting on VBS:Malware-gen as the alert message .

[polonus]

Hi DavidR,

No it was not directly related to that apparently FP detection.
What that actually was I have explained in detail here: https://forum.avast.com/index.php?topic=188020.0

But the certificate issue could have lead to this compromittal being performed easier,
as also excessive server header info proliferation is detected.
One should not expect such insecurity and not keeping to best practices
on the  Akamai's HTTP Acceleration/Mirror service at the Amsterdam backbone exchange.
I am not feeling particularly amused as I know how secure it could have been when best practices had been kept.

polonus

[REDACTED]

Well, this morning, I logged on with Firefox and got no block or warning.  So, hopefully, this is fixed.