6 Replies Latest reply: Apr 1, 2012 5:56 AM by Alexander Buckland RSS

    McAfee SiteAdvisor + Facebook

    Alexander Buckland

      This message is intended for the developers of SiteAdvisor, more specifically any developers relating to the Facebook Implementations of this product.


      I have identified a serious issue with the SiteAdvisor "addon" for Facebook. Any link either via messaging, or from a Facebook Page's posts, will trigger a "Site Blocked" alert if not confirmed as safe in your databases.


      Many of my own sites, and other businesses sites, all with high Alexa rankings have not yet been scanned. This results in a "Site Blocked" warning when using the links on Facebook. I know some businesses use Facebook as a primary source of website traffic, this will kill that traffic.


      A typical user will NOT continue when presented with a "Site Blocked" warning... this removes that visitor from the potential customer list, and may also affect the sites "Word of Mouth" rating.


      I am highly concerned not only for my own sites, but also for the other millions of sites using Facebook for advertising. Your SiteAdvisor, even, as far as I know blocks some Facebook Adverts ... people PAY for these adverts, and your SiteAdvisor makes them pay for nothing in some cases.


      I urge you to deal with this issue. Instead of using a "static" lookup where the site is checked against an existing list, why not create a dynamic tool to SCAN the site on your servers, and sending the results back to the viewer. This result could then be used for the next 24 hours for visitors of that site, minimizing server load.


      I know that some current AV vendors, including BitDefender and Norton ( in partial ) offer this sort of dynamic web-scanning, whilst offloading the scans onto their own servers.


      This would also greatly reduce site testing requests, and maybe even allow your staff to be more productive.


      I greatly urge you to take careful consideration of my advice, it could seriously help you out in the long run.


      Many Thanks.


      Alexander Buckland

        • 1. Re: McAfee SiteAdvisor + Facebook

          Moved provisionally from Business (general) to SiteAdvisor Enterprise, for better attention.


          Message was edited by: Ex_Brit on 28/03/12 2:25:54 EDT PM
          • 2. Re: McAfee SiteAdvisor + Facebook
            Alexander Buckland

            Not even a single reply in almost 24 hours?


            Oh and on anothe note, http://siteadvisor.com/userfeedback.html won't allow me to send anything. It says "Name Required" even though its there...

            • 4. Re: McAfee SiteAdvisor + Facebook
              Alexander Buckland

              Come on McAfee !


              Get a move on, and listen to our complaints !


              If Facebook realises that in even some cases their ADVERTS are being blocked ... they're not going to be happy !

              • 5. Re: McAfee SiteAdvisor + Facebook

                Moved back to the Consumer section. SiteAdvisor Enterprise is for users with the Business version of SA installed. That doesn't seem to be applicable here.


                @AlexanderBuckland : this is primarily a user forum. SiteAdvisor team members do check the posts in the Consumer area, so you may get noticed.


                The feedback form worked when I sent a test message 2 minutes ago. Check you have Javascript enabled and allow cookies for that site.

                Dear valued user,

                Thank you for your submission. Your involvement in our product is highly valued and helps us to better serve you.

                If your message is regarding a customer service issue, or an issue with McAfee software that is not SiteAdvisor, please contact the McAfee support team. We want you to get the assistance you need as quickly and easily as possible.

                To obtain McAfee support, please visit http://service.mcafee.com.

                If you are using a McAfee consumer (home and home office) software product, you can call our Consumer Customer Service department at 1.866.622.3911 for assistance. If you are using a McAfee corporate product and you have a grant number, you can call our Corporate Customer Care department at 1.800.338.8754.


                The McAfee SiteAdvisor Team


                Please do not hijack old threads. One thread is enough to put your case.


                As for SiteAdvisor and Facebook :

                First, the use of short URLs is problematical when it comes to trying to get to the bottom of a problem like this. I would rather let the experts on the SiteAdvisor team deal with this.


                Second, Facebook is open to scams, fraud and malware. It may well be true that some Facebook links are unsafe. Right now the Kelihos botnet controllers are rebuilding their botnet, recently taken down by Microsoft, via Facebook - so I'm not going to say that SiteAdvisor is issuing false positives.


                And third, safety ratings are adjusted by TrustedSource, which works pretty much in real-time : the initial SiteAdvisor rating of a site is given after a series of controlled tests but may be altered at any time by TrustedSource.



                Update, 11:07 a.m. ET: Multiple sources are now reporting that within hours of the Khelios.B takedown, Khelios.C was compiled and launched. It appears to be spreading via Facebook.


                Message was edited by: Hayton on 29/03/12 17:49:46 IST
                • 6. Re: McAfee SiteAdvisor + Facebook
                  Alexander Buckland

                  Update, Mar. 29, 5:47 p.m. ET: Facebook released the following statement about reports that Khelios was spreading via the social network.

                  “Kelihos is not spreading on Facebook, but is being dropped by a separate botnet, Fifesoc, which we have been monitoring for several weeks. We have been proactively remediating any infected users in our malware checkpoint, and users can detect and remove the virus themselves by running an updated anti-virus product.

                  We are in active discussion with researchers attempting to eliminate the threat, and have been largely successful at blocking message spam being sent by this botnet since it was first detected. We are still investigating the issue further, and will continuing iterating on our systems until Facebook has completely mitigated this threat. As of yet, the campaign has been largely ineffective at spreading on Facebook and only an extremely small percentage of users have been infected. Fifesoc also spreads through other social media websites, and as always, we encourage people to not click on suspicious links and report any spam they observe on the site. You can find more ways to protect yourself on Facebook here: http://www.facebook.com/security