Author Topic: Threat Detected:- HTML:Paypal-B [Phish]  (Read 15033 times)

REDACTED

  • Guest
Threat Detected:- HTML:Paypal-B [Phish]
« on: July 10, 2018, 12:49:56 PM »
Good morning,

After running an anti-virus scan yesterday, Avast picked up this possible threat HTML:Paypal-B [Phish] see link below for more.
I'm not sure if it's a real threat, or a False Positive?
Using the search facility above others have found this to be a False Positive in the past, although their issues were not the same as mine, they didn't pick this threat up from an A/Virus scan.

If I "Send for Analysis" will I hear back?
Also if I send it for analysis will I be sending a copy of this file or the actual file?

https://postimg.cc/image/4x4bjz9kb/

Any advice or help would be appreciated.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #1 on: July 10, 2018, 01:02:09 PM »
your link does not work. attach screenshots here, see below the box you write in here > Attachments and other options

at what location was it found ... full file path



Quote
If I "Send for Analysis" will I hear back?
Usually only for false positive requests

Quote
Also if I send it for analysis will I be sending a copy of this file or the actual file?
Copy


« Last Edit: July 10, 2018, 01:03:55 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #2 on: July 10, 2018, 01:12:53 PM »
The link worked for me.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #3 on: July 10, 2018, 01:32:22 PM »
Paypal security is not optimal to say the least, see from these scan results: https://www.htbridge.com/websec/?id=ekedIL6b
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness

COOKIE: X-PP-SILOVER
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing Secure flag, make sure it does not store sensitive information.
Misconfiguration or weakness

COOKIE: AKDC
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness

Not-secured connection- htxps://23.194.182.174/ with PHISHING threat... (no third party tracking seen?).

Whenever the site is brought up as a fake phish from inside a mail-link, avast may detect HTML:Paypal-B [Phish].

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
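
An added example, not part of the post above or of the scanner's output: a check for the Secure, HttpOnly and SameSite attributes that the quoted scan reports as missing. The Set-Cookie values are constructed; only the cookie names X-PP-SILOVER and AKDC come from the post, and the function names are hypothetical.

```python
REQUIRED_FLAGS = ("secure", "httponly", "samesite")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        # Flag attributes such as Secure and HttpOnly carry no value.
        attrs[key.strip().lower()] = value.strip() if sep else True
    return name, attrs

def audit_cookie(header):
    """Return (name, findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = ["missing " + flag for flag in REQUIRED_FLAGS if flag not in attrs]
    # Chrome and other browsers applying the newer cookie rules reject
    # SameSite=None unless Secure is also set, so report that combination.
    if str(attrs.get("samesite", "")).lower() == "none" and "secure" not in attrs:
        findings.append("samesite=none without secure")
    return name, findings

def audit(headers):
    """Map each cookie name to its list of findings (empty list means ok)."""
    return dict(audit_cookie(h) for h in headers)

# Constructed sample headers. The first two reproduce the flags the scan
# lists for X-PP-SILOVER and AKDC; the values themselves are made up.
SAMPLE_HEADERS = [
    "X-PP-SILOVER=constructed-value; Path=/; Expires=Thu, 01 Jan 2026 00:00:00 GMT",
    "AKDC=constructed-value; Path=/; Secure",
    "hardened=constructed-value; Path=/; Secure; HttpOnly; SameSite=Lax",
    "crosssite=constructed-value; Path=/; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_HEADERS).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```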

REDACTED

  • Guest
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #4 on: July 11, 2018, 11:09:39 AM »
Quote
your link does not work. attach screenshots here, see below the box you write in here > Attachments and other options

at what location was it found ... full file path



Quote
If I "Send for Analysis" will I hear back?
Usually only for false positive requests

Quote
Also if I send it for analysis will I be sending a copy of this file or the actual file?
Copy

Pondus,

I'm sorry the link didn't work for you, although it worked for DavidR, rather strange. I did try posting a screenshot yesterday, but for some reason or other I could only get a link to work, or not as the case may be ;)

I'll have another go to show the location:-



Rather odd that, it worked first time today!
The red bits if you're wondering are just covering my name which I added.



Quote
Paypal security is not optimal to say the least, see from these scan results: https://www.htbridge.com/websec/?id=ekedIL6b
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness

COOKIE: X-PP-SILOVER
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing Secure flag, make sure it does not store sensitive information.
Misconfiguration or weakness

COOKIE: AKDC
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness

Not-secured connection- htxps://23.194.182.174/ with PHISHING threat... (no third party tracking seen?).

Whenever the site is brought up as a fake phish from inside a mail-link, avast may detect HTML:Paypal-B [Phish].

polonus

Polonus,

I'm assuming by that it may not necessarily be a False Positive, but possibly a potential threat, so good to have it removed ?


Thanks to all who replied.

« Last Edit: July 11, 2018, 11:33:01 AM by Starship1 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #5 on: July 11, 2018, 12:27:57 PM »
Quote
I'm assuming by that it may not necessarily be a False Positive, but possibly a potential threat, so good to have it removed ?
Only avast lab can answer that


REDACTED

  • Guest
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #6 on: July 11, 2018, 09:10:47 PM »
Quote
I'm assuming by that it may not necessarily be a False Positive, but possibly a potential threat, so good to have it removed ?
Only avast lab can answer that

Pondus,

You're probably right.

I let VirusTotal scan the file, only 2 out of 59 detected a problem, Avast and AVG. I believe Avast and AVG are now one IIRC.

If I send it for analysis do I send it as Potential Malware or a False Positive?

« Last Edit: July 11, 2018, 09:17:15 PM by Starship1 »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #7 on: July 12, 2018, 11:56:18 AM »

REDACTED

  • Guest
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #8 on: July 12, 2018, 01:54:28 PM »

REDACTED

  • Guest
Re: Threat Detected:- HTML:Paypal-B [Phish]
« Reply #9 on: July 26, 2018, 08:39:55 PM »
Update.

I heard back from Avast on the 16th July 2018 which I thought was quite quick. Their reply is below in Blue text.
I didn't post up here a day or so later as Avast A/V was still detecting it as a threat. Now however Avast A/V doesn't detect any problem with it.
It's good to know it was a False Positive.

Many thanks to Avast for checking this out and updating your database.

Hello,

Thank you for reporting this false positive.

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

For future reference you might also find the following article to be useful: Avast Clean Guidelines.


Best regards,

Avast Customer Care