Author Topic: URL:CardStealer  (Read 7688 times)


Offline fuechsesindcool

  • Newbie
  • Posts: 1
URL:CardStealer
« on: November 20, 2022, 10:45:47 PM »
Hello,

does anyone know what URL:CardStealer is? Avast blocked it three times today and it just keeps happening, so I think it's a virus. However, neither Avast nor Windows found anything.


Offline Pondus

  • Probably Bot
  • Posts: 37529
  • Not a avast user
Re: URL:CardStealer
« Reply #1 on: November 20, 2022, 11:35:54 PM »
Quote
does anyone know what URL:CardStealer is?
As the name says, a website that steals credit card info

https://blog.sucuri.net/?s=Card+stealer



« Last Edit: November 21, 2022, 02:34:23 PM by Pondus »

Offline Dinobot2

  • Sr. Member
  • Posts: 395
Re: URL:CardStealer
« Reply #2 on: November 20, 2022, 11:58:13 PM »
I don't know about your issue (what were you doing when it pops up for you?), but I got the same alert when VLC tried to update, so I'm suspecting this might be a false positive or an Avast bug.

« Last Edit: November 21, 2022, 12:16:34 AM by Dinobot2 »

Offline Pablo R

  • Newbie
  • Posts: 1
Re: URL:CardStealer
« Reply #3 on: November 21, 2022, 02:12:06 AM »
Hello everyone,

I am getting the same issue starting today. I did not install any new software or visit phishy websites, therefore I think it is a false positive. Can someone from the Avast Team confirm this?

I have the same message that crl4[.]digicert[.]com/sha2-assured-cs-g1 is infected, but when I run Avast antivirus it found zero threats.




Offline waking

  • Jr. Member
  • Posts: 43
Re: URL:CardStealer
« Reply #4 on: November 21, 2022, 05:48:05 AM »
Quote
does anyone know what URL:CardStealer is? Avast blocked it three times today and it just keeps happening, so I think it's a virus. However, neither Avast nor Windows found anything.

You may misunderstand what an "URL" threat means. It indicates that
a link to a domain is blacklisted as having been found to host some
malware or other threats in the past. As it is often listed by the
domain name and not a specific threat at that domain, you may get
an alert even when you are not actually trying to access an actual
threat (infected file, etc.).

Further, the attempt to access that domain (URL) may be embedded
in the HTML code for some other site that you are visiting. It
is not necessary for you to have explicitly tried to access that
domain yourself.

As an "URL" threat refers to a potential threat at some remote site,
it is usually pointless to go scanning *your* computer looking for
malware related to such an alert.

However, in this case, since 0 of 91 security vendors at VirusTotal
flag http://ocspDOTdigicertDOTcom as a threat, it may well be a false
positive. Ironic given that digicert is a security service - a
certificate provider AFAIK.
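
An added illustration (not part of any post in this thread, and not Avast's code) of the host-level matching described in the reply above: a rule keyed on a domain flags every URL on that host, while a rule keyed on a full URL flags only that resource. The rule sets and the `shop.example` URL are constructed assumptions, not Avast's actual detections; the other URLs are the ones quoted in this thread, including their defanged forms.

```python
from urllib.parse import urlsplit

# Constructed rule sets for illustration only (assumptions, not real detections).
HOST_RULES = {"digicert.com"}                     # keyed on a domain
URL_RULES = {"shop.example/checkout/skimmer.js"}  # keyed on one resource


def refang(text):
    """Undo the defanging styles used in this thread: '[.]' and 'DOT'."""
    return text.replace("[.]", ".").replace("DOT", ".")


def parse(url):
    """Return (lowercased host, path without trailing slash) for a URL."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url  # bare host/path as written in the alerts
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host, parts.path.rstrip("/")


def match(url, host_rules=HOST_RULES, url_rules=URL_RULES):
    """Return ('url', rule), ('host', rule) or None for a requested URL."""
    host, path = parse(url)
    if host + path in url_rules:
        return ("url", host + path)
    # Walk from the full host up to its parent domains (the bare TLD is
    # skipped): a host rule matches every subdomain and every path.
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in host_rules:
            return ("host", candidate)
    return None


if __name__ == "__main__":
    for u in ("crl4[.]digicert[.]com/sha2-assured-cs-g1",
              "http://ocspDOTdigicertDOTcom",
              "https://update.videolan.org/",
              "https://shop.example/checkout/skimmer.js",
              "https://shop.example/"):
        print(f"{refang(u):45} -> {match(u)}")
```

A `('host', ...)` result identifies a site rather than a file, which is why a local scan has nothing to find for it.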


Offline chris..

  • Avast Evangelist
  • Massive Poster
  • Posts: 2931
Re: URL:CardStealer
« Reply #5 on: November 21, 2022, 08:00:04 AM »
Same issue for me yesterday with ocsp.digicert.com.

I would like to point out that this alert occurred during a Malwarebytes scan. I had no browser open.

Offline laybel

  • Newbie
  • Posts: 2
Re: URL:CardStealer
« Reply #6 on: November 21, 2022, 06:55:08 PM »
Got the exact same triggered notification from Avast word for word.

Couldn't figure out what caused it, kept popping up even after restarting my PC before opening anything, but managed to make it stop by using Avast to block the URL.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89053
  • No support PMs thanks
Re: URL:CardStealer
« Reply #7 on: November 21, 2022, 08:47:20 PM »
@Dinobot2
Looks like the VLC media player is checking for updates, but avast doesn't like the update.videolan.org landing point.

You can try - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

****
For those experiencing this who don't have VLC, but where the alert is initiated by svchost.exe, as fuechsesindcool is, see - https://forum.avast.com/index.php?topic=321842.msg1695989#msg1695989 - for why svchost.exe would be connecting to that location, but they too could report it as a possible false positive as outlined above. However, there may be more to this than what Dinobot2 reported in Reply #2.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Dinobot2

  • Sr. Member
  • Posts: 395
Re: URL:CardStealer
« Reply #8 on: November 21, 2022, 11:00:05 PM »
Quote
@Dinobot2
Looks like the VLC media player is checking for updates, but avast doesn't like the update.videolan.org landing point.

You can try - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

Which is weird because when I simply uninstall VLC and then re-install the latest version from the website, it's fine. I don't get a WebShield alert on Videolan.org or anything.

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • Posts: 2931
Re: URL:CardStealer
« Reply #9 on: November 21, 2022, 11:24:59 PM »
I confirm.
Before... every time I wanted to open vlc, avast honked.
No more problem with the latest version (full download).
The update (update.videolan) goes through another link than the full version download (get.videolan) but it's still the same domain.
And as I said above, yesterday I got the same warning with the "malwarebytes" update (no warning today).

Edit: when I do "check for updates" in vlc (new version), the alert is back.
« Last Edit: November 21, 2022, 11:30:49 PM by chris.. »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89053
  • No support PMs thanks
Re: URL:CardStealer
« Reply #10 on: November 22, 2022, 12:08:08 AM »
Quote
I confirm.
Before... every time I wanted to open vlc, avast honked.
No more problem with the latest version (full download).
The update (update.videolan) goes through another link than the full version download (get.videolan) but it's still the same domain.
And as I said above, yesterday I got the same warning with the "malwarebytes" update (no warning today).

Edit: when I do "check for updates" in vlc (new version), the alert is back.

Presumably the check for updates uses a slightly different URL (or the one in Dinobot2's attached image). If so, then that needs to be reported as a possible false positive.