Full details are online here (mod JTH):
https://portableapps.com/blogs/johnhaller/2012-02-03_-_malware_warnings_...
I love this website so much that I want to alert you to a persistent web attack. I have Norton 360 Small Business Edition 5.0. I'm sure that this is not a false positive, or otherwise I would not bother to write a post.
My security system says "web attack black hole toolkit website 12"
This attack is happening with EVERY single thing I click on this website.
The IP address this attack is coming from is 72.32.40.232
I don't want this situation to be an ongoing problem because this is one of my main download sources for portable apps. I don't know how this will affect updates for your platform or if your website security is already taking care of it.
All I know is that I'm getting these intrusion attempts from a Russian toolkit with every link I click on.
Thank you for taking the time to read this and have a nice day. Btw you guys ROCK!!!!
Firefox reported it too, although if I ask why, it sends me to a page that says no malware has been found in the last 90 days. I hope this solves itself quickly.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Based in Switzerland, some not clearly identified site is interfering and is kind of hijacking the portableapps.com site and tries to explain to me that it is a possible 'attack' but not telling what should be wrong.
Not happening in IE, just FF
It is definitely not coming from antivirus, it is some kind of fake security warning by some fantasy org or similar.
---
The site seems to call itself stopbadware.org
Cure: just click on the small link down right saying something like 'I don't care' and when the further warning pops up, then close it by clicking the cross on the right.
Otto Sykora
Basel, Switzerland
It's not antivirus, it's Mozilla's warning. They use a list of malware sites provided by Google.
But are you sure about that?
If they were really using Google's database, then they could not issue a warning, as Google's database seems to have no traces of a complaint in it at all.
To me it looks like some fake 'security' site trying to bother, later probably sell, whatever.
Otto Sykora
Basel, Switzerland
I am on Ubuntu and am not running any antivir at all so I'm pretty sure about that.
But maybe it's something else...?
Only getting warning on Firefox -- other browsers are loading site normally
Strangely all seems OK in Mozilla's SeaMonkey
Warning: Something's Not Right Here!
portableapps.com contains malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified portableapps.com that we found malware on the site. For more about the problems found on portableapps.com, visit the Google Safe Browsing diagnostic page.
If you understand that visiting this site may harm your computer, proceed anyway.
Help improve detection of malware by sending additional data to Google about sites on which you see this warning. This data will be handled in accordance with the Safe Browsing privacy policies.
The site is NOT likely to be infected. It's more likely an issue with the back end site advisory service.
That's just an opinion (about the likelihood of the site being infected). There have been spam attacks they reported recently so it's not out of the realm of possibility.
I'm still going to run a few Antivirus scans against my system as I've been happily browsing PA's site throughout the day... and have downloaded and installed a few apps.
It doesn't hurt to be safe.
I would think that the webmaster/admins at PortableApps would want to contact Google and find out what is going on. Right now I have to bypass the security warnings in multiple browsers to see this website.
The fact that someone is also getting warnings from Norton Security means that the problem is more than just a single source. You guys have been flagged, and until that gets rectified it is going to mean a lot of folks are going to steer clear of your website.
It would also mean a lot if you guys would make a public statement about the issue.
No warning on 9.0.1, 10 beta or 3.6.2* ... is the problem in Firefox 10 final?
I got the warning in FF 9.0.1 as well. Google needs to be contacted. This is scaring people.
Google was contacted hours ago: https://portableapps.com/node/30962#comment-189819
Sometimes, the impossible can become possible, if you're awesome!
Your quick response to this issue was awesome!
One quick suggestion: Maybe consider adding a notice to the portableapps.com homepage that explains what happened, and leave it up for at least a week or so. This way, visitors who initially stayed clear of portableapps because they saw the Google warnings can easily see the explanation if they check back in the future.
I've confirmed that this seems to be Google-related, by searching "portable apps" in Safari on the iPhone & clicking on the PA.c link in the search results. The following page pops up, and has a google URL:
Clicking on the link to the diagnostic page gives the following:
Looks like John needs to request a review using Google's Webmaster Tools.
http://imageshack.us/f/46/reportedattack.png/
There was a security issue in Drupal that was patched yesterday, but we didn't get the release notification from Drupal.org for some reason. Someone attempted to perform a JS injection attack on the site some time this AM (which failed). However, the inserted bits were detected as possibly malicious. As the file that was attempted to be infected isn't needed by our current theme anyway, the file was removed entirely (which should speed up the review). Yesterday's Drupal patch was fully applied and verified.
Google has been notified and a review has been requested to remove the warning. Note that during this time, no infected files were served and no malware was inserted.
Thanks for the clarification John! Working for me again without issues.
Another battle won by the good guys! Hooray, Hooray, Hooray! Fight the good fight people!
PS-a little criticism: it can appear that your initial response of a false positive was a bit premature :).
I've removed the false positive remark. Norton has false positives about monthly, so it isn't given much weight (boy who cried wolf and all).
According to Symantec, the issue with Norton 360 has been resolved. Could someone using this (like the original poster darkness2fall) please verify this?
Ahhhh you guys are fast. Knew it has something to do with the Safebrowsing thingy though I didn't know it had something to do with Drupal
Norton reports all clear and I'm not getting web attack warnings anymore when I click on a link. Google Analytics is still bringing up the red attack page but I reported that as a false positive.
I want to thank all of you for your prompt feedback. I know Norton has a high FP rate, but since I never had a problem EVER with your website until this morning, I thought I'd alert everyone. I truly love this website and I use your portable apps all the time at work and home and I believe it's in everyone's best interest to keep this website safe for everyone at all times.
Once again I thank Mr. Haller and everyone for your prompt feedback and expediency regarding security issues. Btw WE LOVE YOU GUYS!!!!
without all those self declared 'internet police' who while claiming to be so big experts, are producing just nothing but hot air and pointless traffic and stealing my time...and so on...
Otto Sykora
Basel, Switzerland
Disable it if you don't like it; in Firefox, options, security, Block Reported Attack Sites. I'm sure Chrome has a similar option.
For myself, I appreciate the extra protection - layers of security and all that.
I tried to connect to this site Friday evening about 6-7 PM P.S.T. I just upgraded from 3.6.17 to 3.6.26 yesterday. Upon trying I got the Report Attack Site for the first time, I clicked on the More information or whatever it was, and it said in the last 90 days they found nothing in every category they had, but the top said something like malicious site. After further research there were complaints at Mozilla about this and more research led me to find FF uses Google Safe Browsing whatever. And that's where the report led me. Now, my knowledge and further reading tells me the site might be taken over so to speak and will be fixed, so instead of bypassing and saying the site is okay, and take a chance on getting infected or something, I wait and see what happens, things like this are usually fixed in a half a day or a day or 2 max. Whatever time it is now, so after several reported attack site tries from directly typed URL and clicking links to PA and PA forums and such, I waited and just now I am in no problems. I am glad I waited. So the problem with disabling it is, you never know, okay so we know the site is good, and all about false positives and complaints at forums, but what if the site was hacked or taken over or redirecting and you get infected? I find myself glad I waited and had to do nothing other than that. Oh I also went to VirusTotal and scanned the URL http://portableapps.com and out of about 12 programs and or sites Google Safe Browsing was the only one showing it bad or malicious. Still glad I waited.
Well, I'm really glad you blokes are back up & everything is fine. I first noticed this 'security flap' on Wilders' forums. Looks like the bad guys lose this time! Keep up the good work anyway, the portable apps I use from here are invaluable for me at work.
Dave
Don't know if it's relevant but I maintain a few small apps created with AutoIt. The AU3 compiler compresses executables with UPX by default, and I was getting numerous false malware positives. Removing UPX compression solved the problem. I guess we have to accept that compressing executables makes AV software suspicious.