cancel
Showing results for 
Search instead for 
Did you mean: 
ittech
Level 13

Google searches coming up as Malicious?

Jump to solution

Recently upgraded to 7.2.0.2

I have a user who is doing searches and being redirected and blocked. When doing a search for "web filtering software" on google the first result after the ads is http://www1.k9webprotection.com. Upon clicking on the link he gets block like so:

image001.png

First, I don't know why he's veing redirected to google ads when it's not an ad link. Second, when is google ads Malicious? Third, Malicious and Minimal Risk? Somethings not right here.

Using the internal check URL (thanks e²!) I get the same result:

image003.png

For the grand finale Trusted Source shows no category:

image002.png

Where's the disconnect?

TIA

0 Kudos
1 Solution

Accepted Solutions
ittech
Level 13

Re: Google searches coming up as Malicious?

Jump to solution

Running the virus scans did the trick. The user hasn't had any problems since thier removal. As I stated earlier a local scan removes most of the infections, but a remote scan with users logged out of the machine seems to clean everything up and resolved the issue.

Thanks everybody for your assistance!

0 Kudos
23 Replies
ittech
Level 13

Re: Google searches coming up as Malicious?

Jump to solution

Today when I try to go to http://www.k9webprotection.com/ the site times out. Was it the site this whole time?

0 Kudos
shaneg
Level 9

Re: Google searches coming up as Malicious?

Jump to solution

Take a look and ensure that you are not being redirected to an SSL version of Google - it appears that when my users are not 'properly' authenticated and they try to hit Google (and its the httpS) it chokes on me as well.

0 Kudos
ittech
Level 13

Re: Google searches coming up as Malicious?

Jump to solution

No, it's not HTTPS as far as I can tell. The original block screen shows HTTP. That's a good thought though, I'll keep it in mind and double check on the user's side.

0 Kudos
asabban
Level 17

Re: Google searches coming up as Malicious?

Jump to solution

Hello,

can you replicate the problem at the moment? Do you have some lines of access.log that show it?

Best,

Andre

0 Kudos
ittech
Level 13

Re: Google searches coming up as Malicious?

Jump to solution

Can't currently replicate

Also, don't have the access.logs anymore. Would a detailed web report help? Or can they be recovered from the Web Reporter?

0 Kudos
trishoar
Level 11

Re: Google searches coming up as Malicious?

Jump to solution

I see this fairly often with a lot of different sites though Goggle is a fairly common culprit.

The site it's self it known to be minimal risk, however that server, or URI may have had something on it that McAfee have classed as Malicious. From what I can tell, this is an automated process by Trusted Source. The incidents of this are normally transient, though when I do see it, I always report the link to Trusted Source and it is quickly resolved.

BTW, the block pages have some potentially sensitive internal details of your network, such as the users User ID, and the departments they work for. you might want to remove it.

Tris

0 Kudos
asabban
Level 17

Re: Google searches coming up as Malicious?

Jump to solution

Hi Tris,

thanks for the insight. I can confirm that from time to time I have seen reports about something being blocked, whille a few moments later the issue did not show up again. I am very interested in catching examples of "known good websites" being rated as malicious, but it is very rare that I get an example I can replicate (thats why I asked if you can replicate it).

Basically we do not only categorize the URL, but also Paths or Parameters can influence the result. Additionall Category and Reputation are independent from each other, so it could happen that a specific piece of the URL leads to a malicious rating, while the overall reputation of the domain is still good.

We have around 20 URL filter updates a day and usually such issues are resolved very quickly. I personally would ask the user to check if the issue persists. If it does we should replicate the problem and find out what causes the block. If the issue is gone most likely a URL filter database update has resolved the issue magically. It would require the URL and the exact URL filter database version to replicate the problem.

Best,

Andre

0 Kudos
ittech
Level 13

Re: Google searches coming up as Malicious?

Jump to solution

@tris - I thought about reporting it to Trusted Source, but since I couldn't replicate it on a different PC today I figured I should wait. Thanks for the sensitive info heads up, too! I usually do my best to edit , but I must've been in a rush; I don't see a way to edit my post though

@andre - I've asked the user to be on the lookout and try it on his free time. The strangest thing was yesterday afternoon (of course this happened at 4:50pm!) that as I watched this happen, I asked the user to try out Bing. So, we searched Bing for web filtering software and found the K9 listing in the results. When he clicked on the link we got the same googleads/malicious sites block page! I still can't figure that one out.

0 Kudos
btlyric
Level 12

Re: Google searches coming up as Malicious?

Jump to solution

Sounds like a browser hijack.

The URL that it's referring to is googleads.l.doubleeclick.net rather than doubleclick.net. doubleeclick.net is a malicious domain.

There's some discussion here:

http://productforums.google.com/forum/#!topic/websearch/DexO-rADIjs

and here:

http://www.reddit.com/r/techsupport/comments/yr6v7/new_google_redirect_virus/

0 Kudos